e356a8f6f36c4a961edb0988b600ccfd9ba925c7e5c7d76e4858ea6a5be445ed

Analysis

max time kernel
119s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96c27e80852c8cfa683ea8de46f6e550N.exe
Size

468KB
MD5

96c27e80852c8cfa683ea8de46f6e550
SHA1

34f4d65d8609e769dc068661b312b4ff37fc697b
SHA256

e356a8f6f36c4a961edb0988b600ccfd9ba925c7e5c7d76e4858ea6a5be445ed
SHA512

9513b328bc3c62389a3b0f981cbb9dc7c07d9a6d12d212a6888d12a8cf607612f43d45d2280482d22d4e560c6f16a8a5137fe0a9f90189d569b5d17be9246710
SSDEEP

3072:O1NhogjdpV8Un+HsPz5Fvficfh1WI8JnWHevVpw22u3UsYNdilv:O1foueUnfP1FvfWxfY22ktYNd

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4860	Unicorn-32752.exe
3664	Unicorn-48512.exe
3940	Unicorn-61319.exe
1088	Unicorn-48912.exe
4080	Unicorn-45191.exe
780	Unicorn-12605.exe
5072	Unicorn-18736.exe
1020	Unicorn-2031.exe
4348	Unicorn-37776.exe
1408	Unicorn-31645.exe
3796	Unicorn-53536.exe
3120	Unicorn-53271.exe
2736	Unicorn-33670.exe
968	Unicorn-44334.exe
3680	Unicorn-30598.exe
2864	Unicorn-23184.exe
4632	Unicorn-19462.exe
548	Unicorn-22992.exe
900	Unicorn-13677.exe
4608	Unicorn-2742.exe
4624	Unicorn-22608.exe
3348	Unicorn-55280.exe
2444	Unicorn-55280.exe
4128	Unicorn-25488.exe
2884	Unicorn-21766.exe
4500	Unicorn-2829.exe
556	Unicorn-41367.exe
3380	Unicorn-51645.exe
3248	Unicorn-47518.exe
3168	Unicorn-53383.exe
216	Unicorn-54992.exe
1348	Unicorn-54800.exe
2548	Unicorn-7078.exe
4520	Unicorn-26944.exe
4676	Unicorn-6886.exe
1396	Unicorn-4093.exe
1480	Unicorn-45968.exe
3804	Unicorn-22925.exe
1852	Unicorn-12143.exe
1948	Unicorn-24758.exe
1520	Unicorn-63648.exe
1712	Unicorn-5517.exe
720	Unicorn-30592.exe
4332	Unicorn-63264.exe
4456	Unicorn-62807.exe
4728	Unicorn-63072.exe
4752	Unicorn-46736.exe
2436	Unicorn-13871.exe
4928	Unicorn-27555.exe
1424	Unicorn-59351.exe
4788	Unicorn-13679.exe
816	Unicorn-9958.exe
2040	Unicorn-37030.exe
4060	Unicorn-41291.exe
944	Unicorn-51095.exe
2044	Unicorn-4271.exe
2716	Unicorn-4271.exe
3724	Unicorn-36944.exe
4908	Unicorn-17078.exe
2628	Unicorn-60686.exe
4952	Unicorn-55895.exe
4324	Unicorn-55392.exe
1404	Unicorn-18998.exe
3896	Unicorn-22336.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
8872	5452	WerFault.exe	210
13988	5212	WerFault.exe	205
16120	13996	WerFault.exe	661

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57591.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6884	dwm.exe
Token: SeChangeNotifyPrivilege	6884	dwm.exe
Token: 33	6884	dwm.exe
Token: SeIncBasePriorityPrivilege	6884	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1112	96c27e80852c8cfa683ea8de46f6e550N.exe
4860	Unicorn-32752.exe
3664	Unicorn-48512.exe
3940	Unicorn-61319.exe
1088	Unicorn-48912.exe
4080	Unicorn-45191.exe
780	Unicorn-12605.exe
5072	Unicorn-18736.exe
1020	Unicorn-2031.exe
1408	Unicorn-31645.exe
4348	Unicorn-37776.exe
3796	Unicorn-53536.exe
3120	Unicorn-53271.exe
2736	Unicorn-33670.exe
968	Unicorn-44334.exe
3680	Unicorn-30598.exe
2864	Unicorn-23184.exe
548	Unicorn-22992.exe
4632	Unicorn-19462.exe
4608	Unicorn-2742.exe
3348	Unicorn-55280.exe
2884	Unicorn-21766.exe
556	Unicorn-41367.exe
4128	Unicorn-25488.exe
900	Unicorn-13677.exe
4500	Unicorn-2829.exe
4624	Unicorn-22608.exe
2444	Unicorn-55280.exe
3168	Unicorn-53383.exe
3380	Unicorn-51645.exe
3248	Unicorn-47518.exe
216	Unicorn-54992.exe
1348	Unicorn-54800.exe
2548	Unicorn-7078.exe
4520	Unicorn-26944.exe
4676	Unicorn-6886.exe
1480	Unicorn-45968.exe
1396	Unicorn-4093.exe
3804	Unicorn-22925.exe
1852	Unicorn-12143.exe
1948	Unicorn-24758.exe
1520	Unicorn-63648.exe
720	Unicorn-30592.exe
4332	Unicorn-63264.exe
1712	Unicorn-5517.exe
4728	Unicorn-63072.exe
4928	Unicorn-27555.exe
4456	Unicorn-62807.exe
2436	Unicorn-13871.exe
4060	Unicorn-41291.exe
4752	Unicorn-46736.exe
4788	Unicorn-13679.exe
1424	Unicorn-59351.exe
2040	Unicorn-37030.exe
816	Unicorn-9958.exe
944	Unicorn-51095.exe
2716	Unicorn-4271.exe
2628	Unicorn-60686.exe
2044	Unicorn-4271.exe
3724	Unicorn-36944.exe
4324	Unicorn-55392.exe
4908	Unicorn-17078.exe
2724	Unicorn-35142.exe
3896	Unicorn-22336.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 4860	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	90
PID 1112 wrote to memory of 4860	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	90
PID 1112 wrote to memory of 4860	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	90
PID 4860 wrote to memory of 3664	4860	Unicorn-32752.exe	92
PID 4860 wrote to memory of 3664	4860	Unicorn-32752.exe	92
PID 4860 wrote to memory of 3664	4860	Unicorn-32752.exe	92
PID 1112 wrote to memory of 3940	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	93
PID 1112 wrote to memory of 3940	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	93
PID 1112 wrote to memory of 3940	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	93
PID 3664 wrote to memory of 1088	3664	Unicorn-48512.exe	96
PID 3664 wrote to memory of 1088	3664	Unicorn-48512.exe	96
PID 3664 wrote to memory of 1088	3664	Unicorn-48512.exe	96
PID 4860 wrote to memory of 4080	4860	Unicorn-32752.exe	97
PID 4860 wrote to memory of 4080	4860	Unicorn-32752.exe	97
PID 4860 wrote to memory of 4080	4860	Unicorn-32752.exe	97
PID 1112 wrote to memory of 780	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	98
PID 1112 wrote to memory of 780	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	98
PID 1112 wrote to memory of 780	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	98
PID 3940 wrote to memory of 5072	3940	Unicorn-61319.exe	99
PID 3940 wrote to memory of 5072	3940	Unicorn-61319.exe	99
PID 3940 wrote to memory of 5072	3940	Unicorn-61319.exe	99
PID 4080 wrote to memory of 1020	4080	Unicorn-45191.exe	100
PID 4080 wrote to memory of 1020	4080	Unicorn-45191.exe	100
PID 4080 wrote to memory of 1020	4080	Unicorn-45191.exe	100
PID 1088 wrote to memory of 4348	1088	Unicorn-48912.exe	102
PID 1088 wrote to memory of 4348	1088	Unicorn-48912.exe	102
PID 1088 wrote to memory of 4348	1088	Unicorn-48912.exe	102
PID 4860 wrote to memory of 1408	4860	Unicorn-32752.exe	101
PID 4860 wrote to memory of 1408	4860	Unicorn-32752.exe	101
PID 4860 wrote to memory of 1408	4860	Unicorn-32752.exe	101
PID 5072 wrote to memory of 3796	5072	Unicorn-18736.exe	103
PID 5072 wrote to memory of 3796	5072	Unicorn-18736.exe	103
PID 5072 wrote to memory of 3796	5072	Unicorn-18736.exe	103
PID 1112 wrote to memory of 3120	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	104
PID 1112 wrote to memory of 3120	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	104
PID 1112 wrote to memory of 3120	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	104
PID 3664 wrote to memory of 2736	3664	Unicorn-48512.exe	105
PID 3664 wrote to memory of 2736	3664	Unicorn-48512.exe	105
PID 3664 wrote to memory of 2736	3664	Unicorn-48512.exe	105
PID 3940 wrote to memory of 968	3940	Unicorn-61319.exe	106
PID 3940 wrote to memory of 968	3940	Unicorn-61319.exe	106
PID 3940 wrote to memory of 968	3940	Unicorn-61319.exe	106
PID 780 wrote to memory of 3680	780	Unicorn-12605.exe	107
PID 780 wrote to memory of 3680	780	Unicorn-12605.exe	107
PID 780 wrote to memory of 3680	780	Unicorn-12605.exe	107
PID 4348 wrote to memory of 2864	4348	Unicorn-37776.exe	108
PID 4348 wrote to memory of 2864	4348	Unicorn-37776.exe	108
PID 4348 wrote to memory of 2864	4348	Unicorn-37776.exe	108
PID 1088 wrote to memory of 4632	1088	Unicorn-48912.exe	109
PID 1088 wrote to memory of 4632	1088	Unicorn-48912.exe	109
PID 1088 wrote to memory of 4632	1088	Unicorn-48912.exe	109
PID 1020 wrote to memory of 548	1020	Unicorn-2031.exe	110
PID 1020 wrote to memory of 548	1020	Unicorn-2031.exe	110
PID 1020 wrote to memory of 548	1020	Unicorn-2031.exe	110
PID 4080 wrote to memory of 4608	4080	Unicorn-45191.exe	112
PID 4080 wrote to memory of 4608	4080	Unicorn-45191.exe	112
PID 4080 wrote to memory of 4608	4080	Unicorn-45191.exe	112
PID 1112 wrote to memory of 900	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	111
PID 1112 wrote to memory of 900	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	111
PID 1112 wrote to memory of 900	1112	96c27e80852c8cfa683ea8de46f6e550N.exe	111
PID 3120 wrote to memory of 4624	3120	Unicorn-53271.exe	113
PID 3120 wrote to memory of 4624	3120	Unicorn-53271.exe	113
PID 3120 wrote to memory of 4624	3120	Unicorn-53271.exe	113
PID 3796 wrote to memory of 3348	3796	Unicorn-53536.exe	115

C:\Users\Admin\AppData\Local\Temp\96c27e80852c8cfa683ea8de46f6e550N.exe
"C:\Users\Admin\AppData\Local\Temp\96c27e80852c8cfa683ea8de46f6e550N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32752.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32752.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48912.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55392.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9663.exe
        9⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        10⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        10⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
        10⤵
        
        PID:17960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        9⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        10⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15974.exe
        9⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4515.exe
        8⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
        9⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
        10⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
        10⤵
        
        PID:17272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
        9⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36400.exe
        9⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        9⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
        8⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
        8⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        8⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48471.exe
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        8⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        9⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
        9⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        9⤵
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        9⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49856.exe
        9⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        8⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
        8⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        8⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        8⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        8⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        8⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        8⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36421.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        7⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
        9⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        10⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31193.exe
        10⤵
        
        PID:16308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56009.exe
        10⤵
        
        PID:17300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22223.exe
        9⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
        9⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        9⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        8⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
        9⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        8⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        8⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
        8⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        9⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        9⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24335.exe
        8⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        8⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        8⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        7⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2882.exe
        8⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54864.exe
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        7⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        7⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        7⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        8⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        9⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
        8⤵
        
        PID:15972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27510.exe
        7⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        7⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        6⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        7⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14143.exe
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        6⤵
        
        PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8879.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46560.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        9⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        9⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        8⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        8⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        8⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24351.exe
        8⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
        8⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        7⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
        7⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
        7⤵
        
        PID:15324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        7⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
        6⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
        8⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        8⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
        8⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
        8⤵
        
        PID:18044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
        7⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
        8⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15247.exe
        8⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13549.exe
        8⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        7⤵
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        6⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        7⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        7⤵
        
        PID:12976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        7⤵
        
        PID:15140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        6⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe
        6⤵
        
        PID:12792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        6⤵
        
        PID:16604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        6⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-767.exe
        8⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        9⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22767.exe
        9⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        9⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50096.exe
        8⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39559.exe
        8⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        8⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
        7⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        7⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        7⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        6⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        7⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        7⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        6⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
        5⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe
        7⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11225.exe
        7⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        7⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        6⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        6⤵
        
        PID:16200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
        6⤵
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        6⤵
        
        PID:15256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
        6⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        5⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
        5⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
        5⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        5⤵
        
        PID:15384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25488.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        9⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
        9⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        9⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49038.exe
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        8⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5007.exe
        8⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        8⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1757.exe
        7⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
        7⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
        7⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        7⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31494.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        8⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        8⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47863.exe
        8⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13309.exe
        8⤵
        
        PID:18012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        7⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        7⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14886.exe
        7⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        6⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        7⤵
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        6⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30231.exe
        6⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14463.exe
        6⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29264.exe
        7⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 632
        8⤵
        Program crash
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        7⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        8⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38911.exe
        8⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        8⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        7⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30231.exe
        7⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
        7⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        8⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        8⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        8⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
        7⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
        7⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        7⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
        6⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
        6⤵
        
        PID:14012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        6⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        6⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        6⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28317.exe
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14287.exe
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-767.exe
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        8⤵
        
        PID:15428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        8⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58542.exe
        8⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        7⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        7⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        6⤵
        
        PID:12576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
        6⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        6⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        6⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
        5⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3282.exe
        5⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        5⤵
        
        PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
        6⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        8⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        8⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        8⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        8⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        7⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
        7⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
        6⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        7⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        7⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
        7⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
        6⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
        6⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34854.exe
        6⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
        6⤵
        
        PID:16112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54626.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47088.exe
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        6⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        7⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        7⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        7⤵
        
        PID:16020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        6⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        6⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        6⤵
        
        PID:13296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-182.exe
        6⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        6⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        5⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
        5⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        6⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
        6⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15830.exe
        6⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        6⤵
        
        PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52791.exe
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
        5⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        5⤵
        
        PID:16004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7079.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
      4⤵
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
        5⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        6⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23858.exe
        5⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        5⤵
        
        PID:15428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
      4⤵
      PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
      4⤵
      PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
      4⤵
      PID:2440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22992.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22336.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        9⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16820.exe
        10⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        9⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        9⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        9⤵
        
        PID:17456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        8⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        9⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        9⤵
        
        PID:14244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        9⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        8⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
        8⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        8⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31328.exe
        8⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        8⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        8⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
        8⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        7⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        7⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43296.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        8⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
        9⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        9⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        9⤵
        
        PID:14900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13996 -s 436
        9⤵
        Program crash
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        8⤵
        
        PID:15412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20687.exe
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        7⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57600.exe
        7⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        7⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59127.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5302.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        6⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        6⤵
        
        PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7078.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        6⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-767.exe
        8⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28911.exe
        9⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        9⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        8⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        8⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
        7⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50599.exe
        7⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        8⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        8⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        8⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
        8⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        7⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
        7⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23727.exe
        7⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        6⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
        7⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        7⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        6⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44229.exe
        6⤵
        
        PID:17996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
        5⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        7⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46119.exe
        7⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
        7⤵
        
        PID:18052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
        6⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        6⤵
        
        PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        6⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46238.exe
        5⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        5⤵
        
        PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2742.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
        6⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7759.exe
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29334.exe
        7⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
        7⤵
        
        PID:17376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
        7⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
        7⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
        7⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        6⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        7⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        7⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        7⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        7⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        6⤵
        
        PID:11628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        6⤵
        
        PID:18176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25949.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        6⤵
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41291.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        7⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        7⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        7⤵
        
        PID:15456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        6⤵
        
        PID:16376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        5⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
        5⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45837.exe
        5⤵
        
        PID:15868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10934.exe
      4⤵
      PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        5⤵
        
        PID:8760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 624
        5⤵
        Program crash
        
        PID:13988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
      4⤵
      PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        5⤵
        
        PID:15420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
      4⤵
      PID:12116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47336.exe
      4⤵
      PID:5392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
        6⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        7⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        8⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        8⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        8⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        7⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe
        7⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        7⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        7⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        7⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        7⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
        6⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        6⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        6⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        6⤵
        
        PID:13176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        6⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48471.exe
        5⤵
        
        PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41376.exe
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        6⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        7⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65049.exe
        7⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        6⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        6⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        5⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
        6⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16063.exe
        6⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        6⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4159.exe
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        5⤵
        
        PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2488.exe
        6⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
        6⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        5⤵
        
        PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
      4⤵
      PID:10376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
      4⤵
      PID:13436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41756.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
        5⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        7⤵
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
        7⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
        7⤵
        
        PID:16508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
        6⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        6⤵
        
        PID:12912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
        6⤵
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        6⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        6⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe
        5⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54869.exe
        5⤵
        
        PID:16220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63975.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55024.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        6⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
        6⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
        6⤵
        
        PID:16316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        5⤵
        
        PID:12584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        5⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
        5⤵
        
        PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1738.exe
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        5⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
        5⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30648.exe
        5⤵
        
        PID:16464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
      4⤵
      PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
      4⤵
      PID:5372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        6⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        6⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        6⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50988.exe
        6⤵
        
        PID:16564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        5⤵
        
        PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        5⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8927.exe
        5⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        5⤵
        
        PID:18140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41705.exe
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
        5⤵
        
        PID:15540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20413.exe
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
      4⤵
      PID:12436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
      4⤵
      PID:5440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
    3⤵
    PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43049.exe
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45616.exe
        5⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22713.exe
        5⤵
        
        PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
      4⤵
      PID:10196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
      4⤵
      PID:13436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
      4⤵
      PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
    3⤵
    PID:7492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61705.exe
      4⤵
      PID:12080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
      4⤵
      PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
      4⤵
      PID:13972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38478.exe
    3⤵
    PID:10336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
    3⤵
    PID:14620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
    3⤵
    PID:3828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18736.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63072.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35536.exe
        8⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
        9⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        9⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20408.exe
        9⤵
        
        PID:16496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        8⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        8⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8927.exe
        8⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21318.exe
        8⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        8⤵
        
        PID:17724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45479.exe
        7⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14456.exe
        7⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        7⤵
        
        PID:18208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        8⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        8⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        7⤵
        
        PID:16192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42670.exe
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        7⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30950.exe
        7⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
        7⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        6⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        6⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38511.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        6⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        7⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        8⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30790.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        8⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        7⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29693.exe
        7⤵
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
        7⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        7⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50992.exe
        6⤵
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        6⤵
        
        PID:15692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        5⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
        7⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17775.exe
        7⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30269.exe
        7⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        6⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe
        6⤵
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        6⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        6⤵
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        6⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        6⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        5⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65276.exe
        5⤵
        
        PID:16356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        5⤵
        
        PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45968.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        6⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        8⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        8⤵
        
        PID:16528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57783.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
        7⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3919.exe
        7⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
        7⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
        7⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        6⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27097.exe
        8⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        8⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26032.exe
        8⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14104.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
        7⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36400.exe
        7⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        7⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13469.exe
        6⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        7⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        7⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        6⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41756.exe
        6⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
        7⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        7⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60183.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        6⤵
        
        PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        6⤵
        
        PID:15384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        6⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
        5⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30870.exe
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        5⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48471.exe
        5⤵
        
        PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        5⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31328.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
        8⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        7⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        7⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        7⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38566.exe
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        6⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14678.exe
        6⤵
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        6⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
        6⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61543.exe
        6⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        6⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
        5⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        5⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        5⤵
        
        PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        7⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        7⤵
        
        PID:16336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63744.exe
        6⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44935.exe
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
        6⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        5⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3634.exe
        6⤵
        
        PID:16348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        6⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39431.exe
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        5⤵
        
        PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2285.exe
      4⤵
      PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        5⤵
        
        PID:13136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63799.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        5⤵
        
        PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
      4⤵
      PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
      4⤵
      PID:14284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19985.exe
      4⤵
      PID:16272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51645.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2488.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
        8⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        8⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        7⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        7⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe
        7⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        7⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        6⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50069.exe
        7⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37024.exe
        6⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe
        6⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
        6⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24351.exe
        6⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        6⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29078.exe
        5⤵
        
        PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17078.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9663.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31328.exe
        6⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        7⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
        7⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63744.exe
        6⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35143.exe
        6⤵
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        6⤵
        
        PID:15140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        6⤵
        
        PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        5⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15668.exe
        6⤵
        
        PID:16500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15974.exe
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        5⤵
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        5⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        5⤵
        
        PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
      4⤵
      PID:9008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
      4⤵
      PID:12524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53383.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36944.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe
        7⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-742.exe
        7⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        7⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34534.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
        6⤵
        
        PID:11456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
        6⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        6⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        6⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        6⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        5⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
        5⤵
        
        PID:15348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        5⤵
        
        PID:13988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe
      4⤵
      PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        5⤵
        
        PID:15524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe
      4⤵
      PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29078.exe
      4⤵
      PID:16072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
      4⤵
      PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60686.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58039.exe
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        5⤵
        
        PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
        5⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        5⤵
        
        PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47886.exe
      4⤵
      PID:7956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
      4⤵
      PID:12772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
      4⤵
      PID:15572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
      4⤵
      PID:15592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
      4⤵
      PID:18028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
    3⤵
    PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
      4⤵
      PID:8532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24351.exe
      4⤵
      PID:11660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2006.exe
      4⤵
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
      4⤵
      PID:16332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
    3⤵
    PID:8588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
    3⤵
    PID:11668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
    3⤵
    PID:4612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12605.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12605.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51095.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        6⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        7⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        7⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        7⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        6⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        6⤵
        
        PID:1880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        6⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
        5⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        6⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
        5⤵
        
        PID:14716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        5⤵
        
        PID:13792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-767.exe
        5⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
        5⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
        5⤵
        
        PID:18228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
      4⤵
      PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        5⤵
        
        PID:384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
      4⤵
      PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
      4⤵
      PID:5264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47518.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43296.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        7⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        6⤵
        
        PID:18156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        5⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
        6⤵
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49856.exe
        6⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25680.exe
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        5⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        5⤵
        
        PID:15712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-675.exe
      4⤵
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15183.exe
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31647.exe
        5⤵
        
        PID:10816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44935.exe
        5⤵
        
        PID:12768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        5⤵
        
        PID:18148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52791.exe
      4⤵
      PID:116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
      4⤵
      PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
    3⤵
    - Executes dropped EXE
    PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44064.exe
      4⤵
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        6⤵
        
        PID:15636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31647.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        5⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        5⤵
        
        PID:7204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
      4⤵
      PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
      4⤵
      PID:8164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
      4⤵
      PID:16004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
      4⤵
      PID:13824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
    3⤵
    PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
      4⤵
      PID:8608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
      4⤵
      PID:13080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
      4⤵
      PID:1168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
    3⤵
    PID:8324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
    3⤵
    PID:11688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
    3⤵
    PID:4160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22608.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8143.exe
        6⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        7⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        7⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        6⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        6⤵
        
        PID:12896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        6⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        5⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        6⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        6⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        6⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        6⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        5⤵
        
        PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
      4⤵
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16720.exe
        5⤵
        
        PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        5⤵
        
        PID:12736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
      4⤵
      PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
      4⤵
      PID:11040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41756.exe
      4⤵
      PID:13884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27555.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        5⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58941.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        6⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
        5⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        5⤵
        
        PID:15744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        5⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        5⤵
        
        PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
      4⤵
      PID:18080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12979.exe
    3⤵
    PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
      4⤵
      PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
      4⤵
      PID:5964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
    3⤵
    PID:8796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe
    3⤵
    PID:12344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47336.exe
    3⤵
    PID:2400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        6⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        5⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        5⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        5⤵
        
        PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
      4⤵
      PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        5⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37248.exe
        5⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6121.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        5⤵
        
        PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61342.exe
      4⤵
      PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        5⤵
        
        PID:16440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
      4⤵
      PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
    3⤵
    PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
      4⤵
      PID:8656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
      4⤵
      PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
      4⤵
      PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
      4⤵
      PID:16480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
    3⤵
    PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
      4⤵
      PID:11744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
      4⤵
      PID:16188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
      4⤵
      PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
    3⤵
    PID:12160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
    3⤵
    PID:2920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
    3⤵
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        5⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
        5⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
      4⤵
      PID:12956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
      4⤵
      PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7750.exe
      4⤵
      PID:16416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
    3⤵
    PID:7928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
      4⤵
      PID:10888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
      4⤵
      PID:15276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
      4⤵
      PID:5284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25680.exe
    3⤵
    PID:10680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
    3⤵
    PID:15104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
    3⤵
    PID:6252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
  2⤵
  PID:6120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
    3⤵
    PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
      4⤵
      PID:15184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
      4⤵
      PID:15340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
      4⤵
      PID:17256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
    3⤵
    PID:15112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
    3⤵
    PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
    3⤵
    PID:15456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
    3⤵
    PID:17400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56658.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56658.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7119.exe
    3⤵
    PID:6036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
  2⤵
  PID:12136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5452 -ip 5452
1⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5212 -ip 5212
1⤵
PID:12376

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12605.exe

Filesize
468KB

MD5
8c3008e7f0aa654a8d3ac3cc57b53c3a

SHA1
d74bc7e16652e79dc98f78f3c1f1f043afdd0f73

SHA256
6345e276054f7d9b798a56ce1eb6380fa6a6c0582cd10642fbde42e8a929ed89

SHA512
ef2b4bf39db188dde1d11f801f3099294e503f4f6ed765d8f6e22308006995615fddf62ac230030d91c80e2fb5f440464e5eeaba42ff370e26c27bd00d263b63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe

Filesize
468KB

MD5
40f7661860f1c64b0689466fe241531a

SHA1
c968235a10bd581303f12d494c9bc67c7320e46c

SHA256
d695b37d0695ecb8ac2521e40d9ce84b39708d57268b9a28d86501c57b3443bc

SHA512
c9eb50dd48cf7dbdbf39b3e52f6c76269acd9a150589e2a4194f43610f83c75a545c6157f509c293d1370ba414e8f7f6cd29d8cdf4e6cb0aaf513e3d1a51743d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18736.exe

Filesize
468KB

MD5
a935b9c0381a780fcc1983dad8379d72

SHA1
948c986223ec0c3761cff693250aa772cbb6a78d

SHA256
6948d3b24aa603f672691f65bb71b8b7248ff33edbb745a25e53199183ffa0fd

SHA512
9dcb0a20b408e62924accb9edbf715a6b727d25791cb8dc35a835e6794003701e92ccab2a1f28e251cc42bfdf4bb155e33af6eaa186cce30ceafd4cc087c4afa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe

Filesize
468KB

MD5
78b9ee521748630f9401593ab30e37b6

SHA1
f6bcd56cd9c3dbd2047ce200088cf49dad62d29b

SHA256
92782748adc831eaaef0de612d6f813e7c6548c87f0312a77bc202a3b7d49df6

SHA512
c2eccfe2ac10952d7aec99a1663153f10585d4d6edcd3cae55ebefc14f0845f321e007f110e1fbac8d403c9fbba9d41c7779d037dfa22b7737443b85b9272d63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe

Filesize
468KB

MD5
37828afb912f509fbbe8da13b92a70e9

SHA1
a64b580eb36e368ab554cf20bf83d5ba191292c0

SHA256
f0bb204815d3504efbb77b15aec31d3d88ca3b54da2ba44ca0a7501c1cb395e9

SHA512
e62ffe9dd56f0164d1269786476d62a957f44cd256da235132dbaac278a1bc07dfe2dc7d164446a43c56e092587491c14beb9eb8f26190c58f8e475fcd4737dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe

Filesize
468KB

MD5
213d7cfb1b336e65cb4c69e9be2c3473

SHA1
7f9f961982e408fa0da2d3a33aabd1327be823eb

SHA256
227416f3966c9176707834b2f329012412d576267c164a34826e693fbbb91eee

SHA512
781b7d3f351a7405a75e1efec25e6818761b713c364814688d0676530d3b154008782869419c869c2f1932b26e5edfbc6b17c4c8b3320e56a3928791faeeafa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22608.exe

Filesize
468KB

MD5
84239755e85ae5a5f938b1ee16d9f05a

SHA1
1229244bf9bcd798ab9ccb7561f77bb44dc7f542

SHA256
9eeda40e434c179877edbd70a895d978417c8b850a1f5842b4340dba6c79a702

SHA512
2ae553f99a621b8e26b4ccc5d8e2878586f8dbe9da8db5ff46d53b3a22008feb0a46cac7d20b5fd1e14c6d7efdbcff1565e93ef89e307d270e8f7a30550cf8b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22992.exe

Filesize
468KB

MD5
0bfd1ca3b171bde650a4475142993096

SHA1
05368ca76adc0fa996cafd37ddf50da724c08fdc

SHA256
418fcaf804e0a04c9a1b9886177d616f62e8c7eaff2ead1ce3334f880de4486c

SHA512
6da4f6939b1a7464ed6602a0c43135321012eca3fb7f9af908ded71dd1ad36de395d9252c9337e7cf514c458da13754a16cff82636318309eae0bca1fdd534e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe

Filesize
468KB

MD5
8cbd840422296b3ec4af05eb5477b592

SHA1
eea3afd703248720119349d517921d7c19f44062

SHA256
e0af0a73525ff2e37b23e02550dec68d87c6145908d3c5e4f9a1cbd6150aa14d

SHA512
c0d533ea35723629c0f880d7421d5506f8302157abc64955c7961fc91f8b04245dcc2adc2b78f64111a0f5af47d5a948fd7dd32d2f13a869de33498e8a91827f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25488.exe

Filesize
468KB

MD5
88d02b282534dacfc2ce738f9ded7821

SHA1
1d7a751ad0405748b5e946365ebea37a9687293d

SHA256
37b23e880af7f8fe7500c36cda05141e9f649b5cbb7057d4c9abb5bafc5df3e5

SHA512
d3cf3006b12e6debf5f2cfd3a60791d2195dbb6818feb64cd1bb55f0045d77ccf7b60cae06cde879c753c684f6e741c5a932689ad99302f806f10ada062b6f92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2742.exe

Filesize
468KB

MD5
42622f7ecdbba6a9b100c84d8ba824c7

SHA1
e9cee33efed065eaa0f205d063bbbbd534a976f1

SHA256
ce34f6a515d891d7d072e16c36b97a557eb1bffc753090f4ff0b2ec6daeddf9a

SHA512
39d5b8ce997e736a58811766d2033104a65f4e97c43ca573988b5a26bbfc062b29315e7389ab3c132b02963f19eb368b939a2e27a2e0f70fb3ab588deb815641

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe

Filesize
468KB

MD5
a0f1e452ab1e4c3d8625cb611eccf7da

SHA1
01606e2e767bb16a5342f0766fc86c18614a682b

SHA256
bf6bea077836db54c686ebc3b25aba1ca629d3a117bd66b26bec995f4634f7d9

SHA512
180cd7895140ced2a586df3a865ce48f42c2247cedd6b5721f8532b313ec8dd3541f8f0c4e53d63b5f5c5ec4b8e4cccfd158fcf9bd6ebff3e4553548a2a5db03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe

Filesize
468KB

MD5
aceb70d9e977081cf0395240103aab39

SHA1
e65e74c6f485cb42e65ccdea2291a498eebc6c45

SHA256
48c70329cadcb47e32e2fcf858eb19b62a440b8115bf99730f4e6665908e1ad5

SHA512
8b4574389f3c595cd928db5036bc3d4b3f0ff40369bc4f72d7de284e1589c1f6ae8a8abb83bd75a7cc9dfb5a8edf194179cb2e022d3858d6421fb442ba373229

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe

Filesize
468KB

MD5
955c8e7bc482d347c832990001874c66

SHA1
f71d2de862e28911a28f8ba8a09613549d391549

SHA256
b6690fc537c4fa168c718d4c2f74742f07f9867ba828438f7d764361da553460

SHA512
9964b50aacebc07ddd96472970395e4f3d7a4032baa0565fe96c77edd60be3af5ad15ade85ae731388d8eb9084b8a3a0879aad827f25732bdf10813dc3b501e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32752.exe

Filesize
468KB

MD5
1942c1c79820b7ee411d6b828dcf71d0

SHA1
7def6797d44f28f394579c9b2122b29359d5102d

SHA256
862a5fdf803089447c4b4fe3a681a8b3a5728a35b4ca40f9bd98ab2001fa249b

SHA512
e67c0bea0dea689e8ade1c4297f9758a71266a1414e8e5a98f8da5226645003194249a9512e3dfb73a4f46d6682e202e8bdd27466a5eeaf7c20f6ef39219cfa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe

Filesize
468KB

MD5
53594ef1d51e5e47e2280b5d3029609b

SHA1
0d0cea903669d13a6e12e376c12d029d94cfd096

SHA256
e5fd3e45915b41c18ea953e6b4702c6944d28aa86bbeefc9770d3b3eff20137b

SHA512
87218eff1a84a9523857de94b6b91e5656b46aca753704dcfbc707c54b860d2df619bd768da1fe184ca30d3c054f2a67451a58467169477a72601a98adef00a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe

Filesize
468KB

MD5
ab0539d5a4421657617b2ac834d12276

SHA1
4ac81f790dcca84cd1d731984436590d90762380

SHA256
1e7b76d106e6e1cb709e31b71c879ecd420f12f4e9adb0ad285991dc4440c21d

SHA512
1f85f66ab81e0e1ea0cdd095a1d2b8d3924a776f1f663ed0454649401a0e40a95bfc9ec204eae1957893cec532d48414247206d14fa8b5306285d21ca4fa1190

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe

Filesize
468KB

MD5
887f08ec4807c6aa80e5fded56732708

SHA1
1c2b6938ad8a2decbbbf5f8c1ff16315f70d7429

SHA256
b348e52a8ff84c443f66cc4fbb74b4b5f5bfe47699fec8b93b95ef3cfc631d24

SHA512
d92bdd23b4e1a192ac5c141b00053e0114cb043909355c1cc65e74845435042e1e755fcb233913341fb8212f0e413bbdf60abaf7cb05c48163fe0aec609c368a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe

Filesize
468KB

MD5
ae39bbff0e727d3497d1f8228af6cbdd

SHA1
cac86ce06f93fc7c08349a7f1be560ed0d55d83b

SHA256
7b25f04dd611768f29e1050fcdd76a72017648131f44e8e3c9c19997e906afc2

SHA512
f1685f457ea49d4bfb5e1ec5995c62fcf99525063e4d1fce76e012d8cddadabd3f73b0d047500442cd3b3a3cfe2d7ef3cdafe10bcbffc1a464ca4d382b6c6479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe

Filesize
468KB

MD5
92d1f03a2fd47f3d1d43634d157fecf2

SHA1
a60cb947a9e4e0b27b55ba4686a6b06f4381ea17

SHA256
d4ec734d410401c25688daf25f02402c2305a355bd43eb91c5d25a6c00a255f1

SHA512
1939178285ec034876bd432065d6204492c3e8213969caa61608899d2bb74e5fc60baceff35e44ec42df3caa5fd1eed1f74b77dcc64562e19c9a1e3d329b73eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47518.exe

Filesize
468KB

MD5
3cc073507ecb340b254a755f4fe8acb2

SHA1
58d8fe5b7a1c4ce49216eceabfc65480a163d641

SHA256
f8cbb67a8143e14e03e9b640124c53af148fe67e57a996cb00cd460619a581be

SHA512
38aad11bf29a720cc978d45eab94842160c6b50031b19c5aead6f4d11da036f9e27b053ba257798abe8749628fc8a67c989c473a83a36855555bf4bd8708f440

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe

Filesize
468KB

MD5
72739c0277435ae36fdc9d59845afa33

SHA1
dc9d7cd120989588d96b532c01dcbfb8da19aea8

SHA256
eb686eb7e5884c7b7014002919550a8c1ebdf44cd31ce5c190e57583bbaf8af2

SHA512
ed4addce6de8b19fbe957063340e8f7b175feeae4ea18d480b3891c501b5579094f8b48b4bb5356bbba75ed8c0eaaeb634f46888c86d6a2f909408b18bc7fdde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48912.exe

Filesize
468KB

MD5
008052fc46249dcb3d93c5a582fe852a

SHA1
eed117475e348a990770f6a4e705bb2f90445622

SHA256
f446622e23a88681d4c61a6d2af518cfadfcab8ae906a668a343146af5be8fff

SHA512
4c09986debf4eb83a9af04a169b239521406701c9ee6acb57748a2edf6e50ed257fe84ee3091be420c1308d17961b43b7dc08b0631fb3ed1130fac9410246b58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51645.exe

Filesize
468KB

MD5
edf353fd70919ee284553055ca5b11e7

SHA1
bfe7654c5e4bbfb87653531c833d72fe700c71c7

SHA256
b9f0f8c4f889a02a195ec77dcd8ba761862d2c663f6e82ee7d622366499f72c7

SHA512
4e2b555fed4c1c13f723b76db9c5582617942cee38f17855b05adb903c9675bdcf8aee50f54f7300479ff4d7976f2d6f8dddc72793bd40c8991b95a55b96da17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe

Filesize
468KB

MD5
b3c10f43db5adc183fbf0d3cf6ede7d5

SHA1
8285787dfdedc9796f1971a3c99e430e130327ee

SHA256
7b04a9f239c9d266fd07785c11474379f6ec24a36bcaeda98088a8214dca09d3

SHA512
f0192d7464cf141113334385a9842239928046ba7153076bd7f8f841f66f0e9cc0746eab254be0e5a41596fea66394886e4569a908430b02e623a670e6d9cd74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53383.exe

Filesize
468KB

MD5
93676eb4bee7fb7c911982ea2aec3d8f

SHA1
37e4bb4d69f70590a4bc2e0d6c0809b7f81ae73d

SHA256
19da9fcb917034da0b26a30bee99977e790c1765b31bd262aa4c0c13575193c3

SHA512
cb7abd3a0709ebbac76fad3ef55be6c458cd380cbc7d3364f0690b948b411ed7361f134023c2e2f416c2b1a0f7d46d30d1a6d6b633ae804eebd797680888f409

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe

Filesize
468KB

MD5
0f4639b3ff391ffa868513962331798e

SHA1
3fbda38c682289f710b9d1ac5f7b0e8deaeb43d7

SHA256
723ef66f9ac5e441464564d65377cf7e47e8248e3f83ef313b7a97e72b43dab2

SHA512
818cb44e8a15c6aa4ddfb66fc80514f68dd0358cdee937de153a3034d398548dbf709b2442babf5e4b31ee0567c440e65e4ce440be3e4efc120b8043bacb9e7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe

Filesize
468KB

MD5
c3aa088e990c43013ae18abcd30296bd

SHA1
5cca0d0daa6b03d9e73a29c831d9d716bf267548

SHA256
a0c955065570ef68f551ac1921051b0ebd0d53abe5e530cb7ff6f9709f21cdef

SHA512
2d51d25d80c420d2494d15ea99e95a45beb17f764b90ee452b33b64a188788410821754c88f954bf4a8e7e8039f857f1b448362fe027a589829a7a8a76af8d8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe

Filesize
468KB

MD5
dead7b13116fafbe680d5265408d080a

SHA1
0c59152b390b8f893849a6eaf85d70401ed42814

SHA256
119890ad49a0109bab53fdbf0e4dee46824119d625d84bf2781e3020a5092eef

SHA512
99e6a2eb152170edfed6c32b42f827b0f1edd0a1edd5343df3bc200d103962a47548f84dbeacc153ec1f328e257ac7fc4a6e4b6eb5146283a4e38179cce3d6b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe

Filesize
468KB

MD5
390249aaa656dcd4f8d3929e7506bd30

SHA1
94c7ccf384bf3b527692ead3dd1fbe88236e311e

SHA256
80439349794d13393d800c6d1aa52edb26ec2c4785cc43bc9e7c91347af25ae5

SHA512
80e7d5eb0795ae4d3940b02d44349624b880fb2cc6265264283cc86e622927ad542cb538588d91eda46e692a165faa09e36a68a7912809b0082d7278af3ee1e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe

Filesize
468KB

MD5
990fdc835ea8a8973559282dffbda0fd

SHA1
098e420308d748fa539ddcce32b4db7b7559e2ed

SHA256
fbaa10747edbe6306620c85a25262450cf315084094196c51b4c642c8f025c58

SHA512
9a006ccd2cbbf32be80256a23059adb4c2b1faec1333a510b014f213787bd5a74b517ad68d42aa1611622369198bfd0e1f4ac63f18446aa91311235cec7ebb0b

Download Submit
memory/216-221-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/228-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/548-127-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/556-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/636-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/692-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/780-47-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/816-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/900-151-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/944-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/968-105-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1020-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1088-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1112-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1348-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1396-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1404-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1408-65-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1424-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1480-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1520-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1712-289-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1852-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1948-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1952-503-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2040-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2044-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2340-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2436-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2444-159-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2548-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2628-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2716-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2724-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2736-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2864-114-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2884-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3120-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3168-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3228-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3248-209-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3348-160-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3380-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3380-2415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3540-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3592-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3664-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3680-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3724-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3796-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3804-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3896-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3940-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4060-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4080-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4128-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4132-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4324-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4332-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4348-64-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4456-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4500-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4504-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4520-235-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4608-155-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4624-158-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4632-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4644-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4676-243-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4728-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4752-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4788-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4860-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4908-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4928-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4952-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5072-48-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5140-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5148-465-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5184-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5204-467-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5216-468-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5240-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5296-515-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5316-480-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5352-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5492-550-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5524-516-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5548-517-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5568-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5608-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5624-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5640-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5708-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5756-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5768-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5780-532-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13200-2770-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15112-2453-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15676-2416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16112-2960-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16176-2466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads