95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0

Analysis

max time kernel
119s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 05:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe
Size

468KB
MD5

9670c13f6f694f9175de3c63d78ba450
SHA1

c6f79e3a3be96a665550804818c4d953b56e3f1f
SHA256

95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0
SHA512

26a2f2fbea32baf00266967d9b1543f908d0565fdaf937e8f8467a73b7c0d263abb817ccea0f0a48d61f33e70e019d08203fadb9d709a80aeae7e54ce7dea393
SSDEEP

3072:Xq0bogCdj08G2bY5Pzh1ff8l1CyAXip5nmHevVpzY8N3WCF/krly:Xq8oh5G2KPN1ffFq/bY8NdF/k

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4756	Unicorn-45160.exe
3584	Unicorn-46561.exe
808	Unicorn-54407.exe
2188	Unicorn-22929.exe
2972	Unicorn-13343.exe
4488	Unicorn-35054.exe
3520	Unicorn-41185.exe
3940	Unicorn-8424.exe
3076	Unicorn-29207.exe
4092	Unicorn-48808.exe
1828	Unicorn-32737.exe
684	Unicorn-49073.exe
4220	Unicorn-49073.exe
4728	Unicorn-40582.exe
4336	Unicorn-54318.exe
4328	Unicorn-25633.exe
4312	Unicorn-8071.exe
3492	Unicorn-43505.exe
2464	Unicorn-59271.exe
1352	Unicorn-54688.exe
4056	Unicorn-2472.exe
3560	Unicorn-22766.exe
4224	Unicorn-28897.exe
2836	Unicorn-9031.exe
872	Unicorn-28897.exe
1312	Unicorn-28897.exe
2924	Unicorn-28897.exe
1780	Unicorn-44968.exe
3272	Unicorn-25367.exe
3056	Unicorn-42457.exe
4884	Unicorn-47096.exe
1368	Unicorn-23080.exe
2444	Unicorn-41646.exe
4840	Unicorn-20951.exe
3892	Unicorn-31422.exe
4260	Unicorn-12856.exe
524	Unicorn-63919.exe
1496	Unicorn-47641.exe
1356	Unicorn-47641.exe
1136	Unicorn-19223.exe
3432	Unicorn-26344.exe
632	Unicorn-3271.exe
4216	Unicorn-19607.exe
3548	Unicorn-64169.exe
2564	Unicorn-38513.exe
1816	Unicorn-62447.exe
3472	Unicorn-15854.exe
648	Unicorn-49696.exe
2668	Unicorn-49696.exe
2892	Unicorn-46992.exe
1444	Unicorn-41127.exe
1484	Unicorn-61201.exe
4900	Unicorn-61263.exe
4208	Unicorn-37273.exe
3568	Unicorn-47479.exe
1848	Unicorn-11808.exe
3200	Unicorn-27880.exe
2660	Unicorn-28145.exe
3276	Unicorn-32975.exe
5004	Unicorn-49120.exe
2228	Unicorn-49120.exe
3928	Unicorn-57288.exe
4048	Unicorn-19462.exe
1728	Unicorn-13920.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
3200	4224	WerFault.exe	112
3276	872	WerFault.exe	114
3500	1312	WerFault.exe	116
4000	2924	WerFault.exe	115
5444	7116	WerFault.exe	271
7172	7032	WerFault.exe	270
8232	7032	WerFault.exe	270
8228	7116	WerFault.exe	271
9640	6784	WerFault.exe	258
15676	15104	WerFault.exe	747

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicoõn-32390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicoõn-34848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-98.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48146.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6552	dwm.exe
Token: SeChangeNotifyPrivilege	6552	dwm.exe
Token: 33	6552	dwm.exe
Token: SeIncBasePriorityPrivilege	6552	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe
4756	Unicorn-45160.exe
3584	Unicorn-46561.exe
808	Unicorn-54407.exe
4488	Unicorn-35054.exe
2972	Unicorn-13343.exe
3520	Unicorn-41185.exe
2188	Unicorn-22929.exe
3940	Unicorn-8424.exe
4092	Unicorn-48808.exe
4220	Unicorn-49073.exe
684	Unicorn-49073.exe
4336	Unicorn-54318.exe
3076	Unicorn-29207.exe
1828	Unicorn-32737.exe
4728	Unicorn-40582.exe
4328	Unicorn-25633.exe
4312	Unicorn-8071.exe
3492	Unicorn-43505.exe
2464	Unicorn-59271.exe
4056	Unicorn-2472.exe
1352	Unicorn-54688.exe
3560	Unicorn-22766.exe
3272	Unicorn-25367.exe
1780	Unicorn-44968.exe
1312	Unicorn-28897.exe
4224	Unicorn-28897.exe
2924	Unicorn-28897.exe
2836	Unicorn-9031.exe
872	Unicorn-28897.exe
3056	Unicorn-42457.exe
4884	Unicorn-47096.exe
2444	Unicorn-41646.exe
1368	Unicorn-23080.exe
4840	Unicorn-20951.exe
3892	Unicorn-31422.exe
4260	Unicorn-12856.exe
524	Unicorn-63919.exe
1356	Unicorn-47641.exe
1496	Unicorn-47641.exe
1136	Unicorn-19223.exe
3432	Unicorn-26344.exe
632	Unicorn-3271.exe
3548	Unicorn-64169.exe
2564	Unicorn-38513.exe
4216	Unicorn-19607.exe
1816	Unicorn-62447.exe
3472	Unicorn-15854.exe
1444	Unicorn-41127.exe
648	Unicorn-49696.exe
2892	Unicorn-46992.exe
2668	Unicorn-49696.exe
4900	Unicorn-61263.exe
1484	Unicorn-61201.exe
3568	Unicorn-47479.exe
4208	Unicorn-37273.exe
3276	Unicorn-32975.exe
2660	Unicorn-28145.exe
1848	Unicorn-11808.exe
5004	Unicorn-49120.exe
3200	Unicorn-27880.exe
4048	Unicorn-19462.exe
2228	Unicorn-49120.exe
4732	Unicorn-4792.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 4756	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	83
PID 5056 wrote to memory of 4756	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	83
PID 5056 wrote to memory of 4756	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	83
PID 4756 wrote to memory of 3584	4756	Unicorn-45160.exe	84
PID 4756 wrote to memory of 3584	4756	Unicorn-45160.exe	84
PID 4756 wrote to memory of 3584	4756	Unicorn-45160.exe	84
PID 5056 wrote to memory of 808	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	85
PID 5056 wrote to memory of 808	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	85
PID 5056 wrote to memory of 808	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	85
PID 3584 wrote to memory of 2188	3584	Unicorn-46561.exe	88
PID 3584 wrote to memory of 2188	3584	Unicorn-46561.exe	88
PID 3584 wrote to memory of 2188	3584	Unicorn-46561.exe	88
PID 4756 wrote to memory of 2972	4756	Unicorn-45160.exe	89
PID 4756 wrote to memory of 2972	4756	Unicorn-45160.exe	89
PID 4756 wrote to memory of 2972	4756	Unicorn-45160.exe	89
PID 5056 wrote to memory of 4488	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	90
PID 5056 wrote to memory of 4488	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	90
PID 5056 wrote to memory of 4488	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	90
PID 808 wrote to memory of 3520	808	Unicorn-54407.exe	91
PID 808 wrote to memory of 3520	808	Unicorn-54407.exe	91
PID 808 wrote to memory of 3520	808	Unicorn-54407.exe	91
PID 4488 wrote to memory of 3940	4488	Unicorn-35054.exe	95
PID 4488 wrote to memory of 3940	4488	Unicorn-35054.exe	95
PID 4488 wrote to memory of 3940	4488	Unicorn-35054.exe	95
PID 808 wrote to memory of 3076	808	Unicorn-54407.exe	96
PID 808 wrote to memory of 3076	808	Unicorn-54407.exe	96
PID 808 wrote to memory of 3076	808	Unicorn-54407.exe	96
PID 5056 wrote to memory of 4092	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	97
PID 5056 wrote to memory of 4092	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	97
PID 5056 wrote to memory of 4092	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	97
PID 2188 wrote to memory of 1828	2188	Unicorn-22929.exe	99
PID 2188 wrote to memory of 1828	2188	Unicorn-22929.exe	99
PID 2188 wrote to memory of 1828	2188	Unicorn-22929.exe	99
PID 2972 wrote to memory of 684	2972	Unicorn-13343.exe	98
PID 2972 wrote to memory of 684	2972	Unicorn-13343.exe	98
PID 2972 wrote to memory of 684	2972	Unicorn-13343.exe	98
PID 3520 wrote to memory of 4220	3520	Unicorn-41185.exe	100
PID 3520 wrote to memory of 4220	3520	Unicorn-41185.exe	100
PID 3520 wrote to memory of 4220	3520	Unicorn-41185.exe	100
PID 3584 wrote to memory of 4728	3584	Unicorn-46561.exe	101
PID 3584 wrote to memory of 4728	3584	Unicorn-46561.exe	101
PID 3584 wrote to memory of 4728	3584	Unicorn-46561.exe	101
PID 4756 wrote to memory of 4336	4756	Unicorn-45160.exe	102
PID 4756 wrote to memory of 4336	4756	Unicorn-45160.exe	102
PID 4756 wrote to memory of 4336	4756	Unicorn-45160.exe	102
PID 3940 wrote to memory of 4328	3940	Unicorn-8424.exe	105
PID 3940 wrote to memory of 4328	3940	Unicorn-8424.exe	105
PID 3940 wrote to memory of 4328	3940	Unicorn-8424.exe	105
PID 4488 wrote to memory of 4312	4488	Unicorn-35054.exe	106
PID 4488 wrote to memory of 4312	4488	Unicorn-35054.exe	106
PID 4488 wrote to memory of 4312	4488	Unicorn-35054.exe	106
PID 4092 wrote to memory of 3492	4092	Unicorn-48808.exe	107
PID 4092 wrote to memory of 3492	4092	Unicorn-48808.exe	107
PID 4092 wrote to memory of 3492	4092	Unicorn-48808.exe	107
PID 5056 wrote to memory of 2464	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	108
PID 5056 wrote to memory of 2464	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	108
PID 5056 wrote to memory of 2464	5056	95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe	108
PID 4220 wrote to memory of 1352	4220	Unicorn-49073.exe	109
PID 4220 wrote to memory of 1352	4220	Unicorn-49073.exe	109
PID 4220 wrote to memory of 1352	4220	Unicorn-49073.exe	109
PID 3076 wrote to memory of 4056	3076	Unicorn-29207.exe	110
PID 3076 wrote to memory of 4056	3076	Unicorn-29207.exe	110
PID 3076 wrote to memory of 4056	3076	Unicorn-29207.exe	110
PID 808 wrote to memory of 3560	808	Unicorn-54407.exe	111

C:\Users\Admin\AppData\Local\Temp\95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe
"C:\Users\Admin\AppData\Local\Temp\95f1b82c8979869c85df351f2194d010d369690f28c19d3ef233e972f6f2c5c0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45160.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45160.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 484
        7⤵
        Program crash
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe
        9⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        9⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        8⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        8⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29574.exe
        8⤵
        
        PID:16248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        8⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        7⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
        8⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2835.exe
        8⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45983.exe
        7⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        7⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        7⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        7⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        8⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6983.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
        7⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        7⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
        7⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38184.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        7⤵
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63286.exe
        6⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8776.exe
        6⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38513.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43744.exe
        7⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        9⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        9⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        9⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
        9⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        8⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2405.exe
        8⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57160.exe
        8⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
        8⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        7⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25393.exe
        8⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        8⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4078.exe
        7⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        7⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18257.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
        8⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        8⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
        8⤵
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        8⤵
        
        PID:15428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe
        7⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2405.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
        7⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56233.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
        8⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20471.exe
        8⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4958.exe
        7⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52420.exe
        7⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48288.exe
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        6⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        6⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        8⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
        8⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        8⤵
        
        PID:17808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        7⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        7⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
        7⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        6⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17179.exe
        7⤵
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39543.exe
        6⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
        6⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        6⤵
        
        PID:16628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        5⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31905.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
        7⤵
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58871.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
        6⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54065.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        5⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22214.exe
        6⤵
        
        PID:15392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
        5⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
        5⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        5⤵
        
        PID:16784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 464
        6⤵
        Program crash
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
        5⤵
        Executes dropped EXE
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        7⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        8⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
        8⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
        7⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
        7⤵
        
        PID:16096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
        7⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
        6⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        6⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23320.exe
        6⤵
        
        PID:17272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        5⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47857.exe
        6⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        7⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        7⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        6⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
        6⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        6⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
        6⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49656.exe
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14158.exe
        5⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
        5⤵
        
        PID:15296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
        5⤵
        
        PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13920.exe
        5⤵
        Executes dropped EXE
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13223.exe
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
        8⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        8⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        7⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        7⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10695.exe
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45983.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53247.exe
        6⤵
        
        PID:17208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        6⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        6⤵
        
        PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34775.exe
        5⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
        5⤵
        
        PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61399.exe
      4⤵
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1951.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
        6⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        7⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
        7⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5823.exe
        6⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        6⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        5⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        5⤵
        
        PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
      4⤵
      PID:220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        5⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20815.exe
        5⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
        5⤵
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57729.exe
      4⤵
      PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
      4⤵
      PID:11108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61516.exe
      4⤵
      PID:16800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 484
        6⤵
        Program crash
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1951.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18127.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        7⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
        7⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
        7⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        6⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21229.exe
        6⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        6⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64535.exe
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        6⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
        6⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25206.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65000.exe
        5⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6654.exe
        5⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        5⤵
        
        PID:16528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31422.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1951.exe
        6⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        8⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36495.exe
        8⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31492.exe
        8⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
        7⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        7⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        6⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        7⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        6⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
        6⤵
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
        6⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        6⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
        5⤵
        
        PID:972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
      4⤵
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11536.exe
        6⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10896.exe
        7⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        7⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40366.exe
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        6⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        5⤵
        
        PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64583.exe
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50208.exe
        5⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        5⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        5⤵
        
        PID:10504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14047.exe
      4⤵
      PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
      4⤵
      PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
      4⤵
      PID:6600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54318.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4224
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 484
        5⤵
        Program crash
        
        PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        6⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23585.exe
        7⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        7⤵
        
        PID:17796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        5⤵
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        6⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
        5⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48979.exe
        6⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        5⤵
        
        PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22943.exe
      4⤵
      PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        5⤵
        
        PID:16204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61344.exe
      4⤵
      PID:11588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
      4⤵
      PID:16644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43744.exe
        5⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61344.exe
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        7⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        8⤵
        
        PID:15104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15104 -s 460
        9⤵
        Program crash
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        8⤵
        
        PID:16588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48143.exe
        7⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        7⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1502.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        6⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        6⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
        6⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        6⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        5⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7471.exe
        5⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        5⤵
        
        PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicoõn-48937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-48937.exe
        6⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicoõn-8462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-8462.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicoõn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-12275.exe
        6⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe
        5⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        5⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        5⤵
        
        PID:13260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
      4⤵
      PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33707.exe
        5⤵
        
        PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
      4⤵
      PID:10064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
      4⤵
      PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
      4⤵
      PID:12348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62447.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
      4⤵
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        6⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
        7⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
        7⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
        6⤵
        
        PID:15496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11287.exe
        5⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56906.exe
        5⤵
        
        PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
        5⤵
        
        PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26879.exe
        5⤵
        
        PID:11556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36697.exe
        5⤵
        
        PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50591.exe
      4⤵
      PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51991.exe
      4⤵
      PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
      4⤵
      PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
    3⤵
    PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        5⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
        5⤵
        
        PID:16388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50208.exe
      4⤵
      PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
      4⤵
      PID:13620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
      4⤵
      PID:1372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46857.exe
    3⤵
    PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
      4⤵
      PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
    3⤵
    PID:10572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58671.exe
    3⤵
    PID:14956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
    3⤵
    PID:6520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47641.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
        8⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30888.exe
        9⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50281.exe
        10⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        10⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        10⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        9⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        9⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        9⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        8⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36780.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17342.exe
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16687.exe
        7⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3756.exe
        7⤵
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        6⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57177.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
        8⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
        8⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        8⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49663.exe
        8⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        8⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61064.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        7⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        7⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
        8⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        8⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        8⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20815.exe
        7⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35112.exe
        6⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64239.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13198.exe
        6⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
        7⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
        6⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        7⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
        7⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        7⤵
        
        PID:16692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
        6⤵
        
        PID:15408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62432.exe
        6⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        6⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe
        6⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
        7⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        7⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        7⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe
        7⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        6⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
        7⤵
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        6⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        6⤵
        
        PID:16056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        6⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        6⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19638.exe
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe
        5⤵
        
        PID:14348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13198.exe
        5⤵
        
        PID:14460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
        7⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10592.exe
        8⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        8⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22440.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        7⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3630.exe
        7⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43299.exe
        7⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        6⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        7⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55804.exe
        7⤵
        
        PID:16716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
        6⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
        6⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
        6⤵
        
        PID:16668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17785.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
        7⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
        7⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3994.exe
        7⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        6⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        6⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        5⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51848.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        5⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        5⤵
        
        PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
        7⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        8⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        7⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        6⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        6⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        6⤵
        
        PID:17712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38214.exe
        5⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
        5⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58120.exe
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29330.exe
        5⤵
        
        PID:15576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        6⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63384.exe
        5⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        5⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        5⤵
        
        PID:15720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        5⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
        5⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4491.exe
        5⤵
        
        PID:16652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
      4⤵
      PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
      4⤵
      PID:15276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2472.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47641.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        6⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58848.exe
        8⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37648.exe
        8⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        8⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        7⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        7⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        7⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28320.exe
        8⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        8⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59939.exe
        8⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
        7⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28982.exe
        6⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        6⤵
        
        PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22150.exe
        5⤵
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        7⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        7⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        7⤵
        
        PID:18168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22527.exe
        6⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39863.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        7⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40044.exe
        7⤵
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10839.exe
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        6⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4375.exe
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        6⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        5⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1250.exe
        5⤵
        
        PID:17216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        5⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe
        6⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        7⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        7⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14267.exe
        7⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
        6⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        6⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47669.exe
        6⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12688.exe
        6⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
        7⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63704.exe
        7⤵
        
        PID:15772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        7⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
        6⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        6⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        5⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        5⤵
        
        PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe
      4⤵
      PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicoõn-49513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-49513.exe
        6⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicoõn-21783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-21783.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicoõn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-12275.exe
        6⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        5⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
        5⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        5⤵
        
        PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
      4⤵
      PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19638.exe
      4⤵
      PID:10796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
      4⤵
      PID:1644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        6⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
        7⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        7⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54623.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4441.exe
        6⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
        6⤵
        
        PID:10716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
        6⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        6⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        5⤵
        
        PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        5⤵
        
        PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51537.exe
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58831.exe
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        5⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        5⤵
        
        PID:16112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17077.exe
      4⤵
      PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        5⤵
        
        PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
      4⤵
      PID:10556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
      4⤵
      PID:14944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
      4⤵
      PID:15284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe
      4⤵
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        6⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        6⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe
        5⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        5⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6675.exe
        5⤵
        
        PID:18288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        5⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        5⤵
        
        PID:17556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
      4⤵
      PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
      4⤵
      PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
      4⤵
      PID:17692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
    3⤵
    PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
      4⤵
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
        5⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22214.exe
        5⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        5⤵
        
        PID:13488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
      4⤵
      PID:9268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
      4⤵
      PID:13788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48432.exe
      4⤵
      PID:16028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
      4⤵
      PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29791.exe
    3⤵
    PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55720.exe
      4⤵
      PID:16136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48518.exe
    3⤵
    PID:11544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
    3⤵
    PID:15384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
    3⤵
    PID:16128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
    3⤵
    PID:15740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
    3⤵
    PID:15552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8424.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25633.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6160.exe
        8⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        8⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
        7⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        7⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4950.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
        6⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        7⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-34848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-34848.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-32390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-32390.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-46179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-46179.exe
        8⤵
        
        PID:17096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        7⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        7⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26839.exe
        6⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        7⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22438.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
        6⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46709.exe
        6⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        7⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        7⤵
        
        PID:16724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        6⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25726.exe
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
        6⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33119.exe
        5⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
        6⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        6⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19638.exe
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34256.exe
        5⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
        5⤵
        
        PID:432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63129.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        8⤵
        
        PID:16792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        7⤵
        
        PID:16700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        6⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        7⤵
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55984.exe
        6⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        6⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38743.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        7⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        7⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        6⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        6⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        5⤵
        
        PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51848.exe
        5⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
        5⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        5⤵
        
        PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22865.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50577.exe
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
        7⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52540.exe
        7⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3719.exe
        6⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54026.exe
        6⤵
        
        PID:15680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        5⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58571.exe
        5⤵
        
        PID:15848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
      4⤵
      PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        6⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
        6⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        5⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        5⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        5⤵
        
        PID:15732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
      4⤵
      PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe
      4⤵
      PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20000.exe
      4⤵
      PID:14976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4384.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31225.exe
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12880.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
        8⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        8⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        7⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        7⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
        6⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        6⤵
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52880.exe
        5⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4375.exe
        6⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63704.exe
        7⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55720.exe
        7⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        6⤵
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
        6⤵
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
        5⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        5⤵
        
        PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40872.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        7⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        7⤵
        
        PID:17000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        6⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32255.exe
        6⤵
        
        PID:17700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45574.exe
        5⤵
        
        PID:15600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        5⤵
        
        PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48169.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62131.exe
        6⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        5⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
      4⤵
      PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
        5⤵
        
        PID:13080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12083.exe
        5⤵
        
        PID:15716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
      4⤵
      PID:10524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
      4⤵
      PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11808.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43176.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-40800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-40800.exe
        7⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-14295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-14295.exe
        7⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-23210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-23210.exe
        7⤵
        
        PID:16772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        6⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30949.exe
        6⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26839.exe
        5⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28520.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9482.exe
        6⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17347.exe
        5⤵
        
        PID:15396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17431.exe
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        5⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        5⤵
        
        PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
      4⤵
      PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
      4⤵
      PID:10968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
      4⤵
      PID:15168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe
      4⤵
      PID:16708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicoõn-58449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-58449.exe
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicoõn-6215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-6215.exe
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicoõn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicoõn-12275.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        5⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25726.exe
        5⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        5⤵
        
        PID:10500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
      4⤵
      PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        5⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
        5⤵
        
        PID:16396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
      4⤵
      PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
    3⤵
    PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        5⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63526.exe
        5⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        5⤵
        
        PID:13492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
      4⤵
      PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        5⤵
        
        PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
      4⤵
      PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
      4⤵
      PID:15572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
    3⤵
    PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65512.exe
      4⤵
      PID:11820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16230.exe
      4⤵
      PID:16088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
      4⤵
      PID:12200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12768.exe
    3⤵
    PID:10648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
    3⤵
    PID:15220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
    3⤵
    PID:16536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26344.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        5⤵
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5983.exe
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31537.exe
        7⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
        7⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe
        7⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
        7⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24198.exe
        6⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18933.exe
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe
        6⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        5⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        6⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        5⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        6⤵
        
        PID:15376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        5⤵
        
        PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
      4⤵
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
        5⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        6⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28031.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52600.exe
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42560.exe
        6⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39647.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        5⤵
        
        PID:15688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
      4⤵
      PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48937.exe
        5⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        5⤵
        
        PID:17788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11287.exe
      4⤵
      PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
      4⤵
      PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe
      4⤵
      PID:15772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19048.exe
      4⤵
      PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
        5⤵
        
        PID:6784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 636
        6⤵
        Program crash
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57224.exe
        5⤵
        
        PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34854.exe
        5⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        5⤵
        
        PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
      4⤵
      PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42225.exe
        5⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        5⤵
        
        PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23639.exe
      4⤵
      PID:10096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
      4⤵
      PID:15076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49215.exe
    3⤵
    PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
      4⤵
      PID:7032
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 464
        5⤵
        Program crash
        
        PID:7172
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 420
        5⤵
        Program crash
        
        PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
      4⤵
      PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
      4⤵
      PID:14180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
      4⤵
      PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
      4⤵
      PID:5612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
    3⤵
    PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27752.exe
      4⤵
      PID:13044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
    3⤵
    PID:10624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:15004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
    3⤵
    PID:4316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
      4⤵
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17401.exe
        5⤵
        
        PID:7116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 464
        6⤵
        Program crash
        
        PID:5444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 420
        6⤵
        Program crash
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        5⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe
        5⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
      4⤵
      PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4967.exe
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54479.exe
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
        5⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56952.exe
        5⤵
        
        PID:16764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
      4⤵
      PID:15056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
      4⤵
      PID:4172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
    3⤵
    PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
      4⤵
      PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
        5⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
        6⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        6⤵
        
        PID:17048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        5⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        5⤵
        
        PID:14696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
        5⤵
        
        PID:15624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
      4⤵
      PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
        5⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
        5⤵
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-375.exe
        5⤵
        
        PID:18152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe
      4⤵
      PID:11004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
      4⤵
      PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5139.exe
      4⤵
      PID:16404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
    3⤵
    PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
      4⤵
      PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8703.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
      4⤵
      PID:17076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21847.exe
    3⤵
    PID:6932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38471.exe
    3⤵
    PID:10864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:15208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31601.exe
    3⤵
    PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
      4⤵
      PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        5⤵
        
        PID:13856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53681.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
      4⤵
      PID:8684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
      4⤵
      PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
      4⤵
      PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54340.exe
      4⤵
      PID:16620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63071.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
      4⤵
      PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-839.exe
      4⤵
      PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
      4⤵
      PID:6096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
    3⤵
    PID:10832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
    3⤵
    PID:4908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
  2⤵
  PID:224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
    3⤵
    PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        5⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
      4⤵
      PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
      4⤵
      PID:15536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
    3⤵
    PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
      4⤵
      PID:12924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
      4⤵
      PID:836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
    3⤵
    PID:11984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6538.exe
    3⤵
    PID:5972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53670.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53670.exe
  2⤵
  PID:5644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
    3⤵
    PID:9272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4382.exe
    3⤵
    PID:13184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
    3⤵
    PID:15784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
  2⤵
  PID:8836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33935.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33935.exe
  2⤵
  PID:10840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3259.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3259.exe
  2⤵
  PID:16636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2924 -ip 2924
1⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1312 -ip 1312
1⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 872 -ip 872
1⤵
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4224 -ip 4224
1⤵
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 7032 -ip 7032
1⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 7116 -ip 7116
1⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7032 -ip 7032
1⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7116 -ip 7116
1⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6784 -ip 6784
1⤵
PID:7340

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe

Filesize
468KB

MD5
42eac8a8b080fd79abe67df027b413d0

SHA1
e6493d5418c19f8c2bdded93dc518acf4a63ae47

SHA256
ce91f978da201459e8a0f9aaa2c69f69f4e1d9787f2d38cbfdfc5a55b09d1703

SHA512
29c09d71ee592909c571bf70493baf80722f73e28d4aa893ee0fbf4934e7e173dd194a4ae8d3f1f2d9d7db2692c9dcb8740b4be8c66fa4c664bc647640062bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe

Filesize
468KB

MD5
8220eb2d009029477fe1ae5524502eb8

SHA1
29d3958a7ab12014e1695fc44579fe19652405b8

SHA256
a090e1cd0cffd31e7b9f304ab2b66f101fdc3da1a95ea299590bea9b65bc6c8c

SHA512
333463749e1b02dfa78f728ab048b13113d8fe689081ba749a0830e5b21b85cf38fc17ec1f60e1aa026208de2e524bf71e6cf23450f641581821b9d368e5c3ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe

Filesize
468KB

MD5
8cd1a5bb6755d3eacf71e542c76310d1

SHA1
17c301d17ab328f86813d520a50a8483279e8224

SHA256
efc0b0f337efea64d60eb4421c3bd2d857d7cddffb3d17462851c4c0f74ed253

SHA512
4c9c1f32eb2fac192201f4526d13f62545466ea274c86c376861156f242f59ce1ba473f369a8344174289508f70b655c2e0f90e40d2d81190213ec9a9e82db61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe

Filesize
468KB

MD5
b958bb73bf834f2a32f17be25d03a606

SHA1
a66d8c33dc45217fa4bd941460b2a0a3e4cbd49c

SHA256
4111488a86d72151ec660a5658b4ea936113c11880e613af1ca2c52bfe99a46f

SHA512
ba08783abe226313685ea133eb7e108b3cacbcad446d6cd17aa376f13178bc0e42d68a34ec97b816902dc436e122f06021783f9b1ee424d510401439e3ad5b9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe

Filesize
468KB

MD5
04687d4c59964b8a43e6b4bf7869802b

SHA1
acae57b64bb7f5036ee28951817c4f244415be58

SHA256
f8ade4a21c116537f4d36fcd53f577709aec055a936fa0cfde700903d9e655bb

SHA512
7110c9025d8e345bc6ab79f0ff3ad31baa9defdd5123964b7a8542c55da2268f4a4277acd82d299f39e1a750c487c749464afcd0d34d13846438610daf8299af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2472.exe

Filesize
468KB

MD5
bece166a47ac7e30ede853c52443884d

SHA1
2c4e6bc9583389736258d41d2797f9963fdef4e7

SHA256
e7c6d1dc89f362e4cbefccfaf73c494516303b77d8758bbb787b8efe9c9d2383

SHA512
adf4108cb5c2a27f4e54de1b665b381368b113a21f5ff60dd10c6d754f03ba986785787b1096705406d4904eb71824ac1a136a3bb53de5fc42a714be3395a8a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe

Filesize
468KB

MD5
1ea3249e90b577f00ac1e6dd93147b4c

SHA1
99252261b2f5a82b6fb8519790943764154055b9

SHA256
6785735a6f7f81e617afcdbce7897f03d613bb420881f9f618073e8c7c80a5f2

SHA512
d073e530cc66c67da1d716d9abffbaa961792c19fd473bc4f20a1379f225fec6bcc81864eac5493290c687a3ac1cce1d71839ccfb236526f0aae37715e466add

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25633.exe

Filesize
468KB

MD5
fe25408eae5532fc6cbc04683d4f8227

SHA1
e4ee83c7e0fc82f6af5571e457d0545c2c2a6c79

SHA256
6be3ca4a2753ca7903288039cb3ca44de45d7fd8c5921bdbd7d000f110351e06

SHA512
d9e22cba95ea68d7c842594d1e6eee40d8b36e39b82a2afc9f4531643615730ad7b60ef7c0de05936fbf327f71c488fa0cca31d0de9fbe3396ba73f969e4ff86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe

Filesize
468KB

MD5
b80475b670e8716c3c5fd216f5fc11ac

SHA1
4bc584b7d57656d56a3f6ab44e1e98e04d7eb4c1

SHA256
af7eed883b3ec97f26434fc478ece2fdf3157639ffbaf610320199201d05763d

SHA512
68a9fe5c37879bd5626f0f67a3c71a1caebb1cb6b8aeb81b9371b958c49242ff4214c870b558977618ef0f368ab903be8df81d0b8b4b335c4ac25a1ea953eb23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe

Filesize
468KB

MD5
a59ee48c7d158853c77b3e6e743dfe56

SHA1
92b4b75c3e11c67cab16d643a8981678287fbc76

SHA256
f4bbd2f33ad48dc82634adb9acf03f66fec80640e3281ab87f76d69b0636b46a

SHA512
0710a21445afc8025e75b030cc7ec5f23dfd6a3df1f97e422758c570144363d40a18d8ae1be5e6e1a2a7da63b5c368b639b05adc5ebfb6ef180f866122347a15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe

Filesize
468KB

MD5
d6585de2fd03fbed70dab37c350f8157

SHA1
188c372b477fe31ec3c4b255295f0e8510fe16d1

SHA256
ecab7000abda7d2a0307aded95f7f0b4fcdb4fae7c790a25687bf9f076396990

SHA512
6f6e6c3fea73bf5fafa20c230271bfd8c6c2e6a4194c35ac30c241f14381c980a4fc3e8dfe549d7ad9062dda2ef9bdaf66118864223cd3664ab79a192b56b03b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe

Filesize
468KB

MD5
a9495ee73bd44cc5f434e505f93909d8

SHA1
afee0f65dfe61479afafd699f032d9bfa257fd3f

SHA256
cd9afb3d1ec4865c80016cd0b9dcce2c56798c463057d5f7e78306b3f50814fa

SHA512
f13c04081ba37fe003118b9b55a2ab40d06ed1e8d8f3570dc7fe26728e8d1918a503df6cd703658e7be4ef25d5b98ed8075b6037f041d66d95f7edc0b11772a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe

Filesize
468KB

MD5
d701d5d4eb8ab0cc2658e04943f77437

SHA1
75079cf8c5b6716fe6adfc3337c43b01577dd8f3

SHA256
e9fc28bfc196521f5ea05c042604ce8a258982d55b2c53f364aef96adbcd050a

SHA512
fc95de1a4d094d52c43415b00536bdfd32f5fdbc678a5ef39efaaf18137d2bc6214af2c861d4b68f7b843edcbdd35f716b6c3355a863b4382041144db11c1068

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe

Filesize
468KB

MD5
16a32be53dcacfeaa4de1e78067a8f67

SHA1
7f00cf27505432af2baee7ddabf84e0902582e8b

SHA256
7270dc7d7ebc846a771fda3da8058b804568a464ab85ab02393706be7dbf406d

SHA512
07de05d6d6e9ce79f38c2f9a010afc2ac9e31feef88ee74726c4d51a352a953d1550119769f27b4bfded18d3a6037935d9a741bf6a95a026b32c55a2142be214

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe

Filesize
468KB

MD5
60c5f238f8b59b63237f2d20e3606338

SHA1
d72716e2c45278ad266b9817df6bd9fff50bcb8f

SHA256
2716070da6ce771d6b98d75663b9f377312b7b1fcd50e22cea35b605d6c22398

SHA512
f54aa2aca34caf243e62c239af7e4675351f6f43b6d50064a3aba117bcba15a04a1b9d83ed46b5a2dadc0408b6b265751c73b374f59ffbf4103e218a988c493f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe

Filesize
468KB

MD5
29f4fd0933b86c90bd3c9d35bae5d579

SHA1
36b8fc0ad465be6ff7d22a6dd15c0ecb4b3ee1cc

SHA256
c701f8a7c53992d8d32cd9a5c3fcf9408508e6e05331281349eff9f79ec4c4f4

SHA512
be1c7775e6bc72a3d03c0866be178b6aa10df97eedfffff02e604e54db719c4e4db35d34c1cc1c99628c51e40e7d1d541f0fcc69bb985a9abe9db638b62a4d59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe

Filesize
468KB

MD5
d6f4d3e2c47da09b4ad026d9ade25e9a

SHA1
3bd800df519e18447afba606d5d8071a0de597d9

SHA256
c0ac8b19d2efce9ed72050f07aaa2e840ea16cf1e090ddb812821fce45e9ffc5

SHA512
2e30818b66b223b5d6429eccbea43546773048374323f0f3532aa70d058cd60ee42366d121d1908d82806916a2a8bf5add96e14d730b8776790ad1d3162ec7a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe

Filesize
468KB

MD5
ae2783daf8e32a9aa015912d150d9bba

SHA1
350360d0417babc4ee6bcca9ffefd8c204443995

SHA256
edabadb5d4961e2f5cea3ed9d2441165390801966e262101a6513e00d227a830

SHA512
8ff12b280b3e985c117926595b33b2cdbad5179ef486d0ced5b3da664d14f2f686d3eaa78a4d4f5230beacf1793c26007a657e1c449e0173808dd8e5c418bdc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45160.exe

Filesize
468KB

MD5
c92bfd6d22cd42eabb5b82bd9c62a6c0

SHA1
02a9016761e7952c4509ecd7abd8816cca3afc5b

SHA256
1d971a1f8bac3ffa3f24aab6f4caf0397b68be100c489a6dce422898f54cc01b

SHA512
2116f3f047003f774102ee4b0c3d2f1d3f78ba97b7e6426559834fdb0d557be2a1503329640a83583dcf48eb5dcedc4dbfb28f248f556649b99b30c62fecc4d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe

Filesize
468KB

MD5
4926fef045131f32658d7ea8acc72d65

SHA1
695daa377bb4ae6c8fe28b5364cc9a79b99fdb13

SHA256
3734c49b20ca38651c3e758c322144dc5c1a2d24fc138ff251e88117c77a9756

SHA512
00b374ddaa1100ebfe91a8e1de132a63d90ed717cd9993bc5d16ce2ac85a2b813dc976aea71fb4aebf7e7098c956ababec5dcea3fe287a3f8f5802525db10d36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe

Filesize
468KB

MD5
2a52f9969daa04e7f2f7cff54f1a2991

SHA1
9c28de76151234c2697092d2b89208eeafdf3c0a

SHA256
0a392b684c55c2a85f7b81109caf859233c0cfe242fd59994b421c06a2f721f6

SHA512
ed51022e736676638e77f0c5c2a9ab8b901fe62eba87d5a5bf439a1d1a4ebf91a91f4bebfda0554ace7abcd71cbf7a229bb0e7aac5512963ec541bb0364662d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe

Filesize
468KB

MD5
fd26a2fccffded215a38eea438c61499

SHA1
5884c0df46c7286c6abfaac65cd28444c7085531

SHA256
37db40d9375ba737924c5679aa25cc183f47cde2c350b8f7a9bc1cc6f67a2be3

SHA512
55d2b111980aac46fe543fa2ba9f02b73f1dcf90d8c562c88b7dee5c39929c2966a04d98c1b2658ea1c10076adda36ea6289d6e7ca160a41033ab9229c474779

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe

Filesize
468KB

MD5
f6e40a21d36398e25d3a82f6a53d15e2

SHA1
3fa6c92ff707df0bdf39d3b2e2f2d5c3493235a9

SHA256
5cb82f7b839585331a26e9c2b5245a18cfde0818ed3eff3170d9c5949ba3cb15

SHA512
132ad496e0c5f49fde3ca8fff01d719fbf5f8c29efd3c27680d0eb23f99b839122e164305b517cd59045cd7a9f5b7a16524c928d4ad20372f0cf8c5f775f1eaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54318.exe

Filesize
468KB

MD5
e850e245a20185f9578ed3131c089a70

SHA1
bf24ab746b0d52a1c097ed61233945f6f307de9d

SHA256
9b8fae2b209d8ec372fb30cde96c04520c3613c160096efd789d568faba40fd4

SHA512
d1c6a2f493deb6d4bc03a64a9280ef5896719d4fbd3007b2927de4220211327499e2700dbc0287e5361eb57004597848a59034c7591a467d6e666d5a961422c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe

Filesize
468KB

MD5
1ede4d83338e5f375d7b3793b1a409d9

SHA1
ec6a0763e3fecee0fa20711c68fae33613fd88a4

SHA256
bfdfca5209553693891e0975aac1fc00a35c0ebb9aa4a903cca3ef848a40b484

SHA512
64743b42a484cd89f7bbf99ecf8e06be07d4de02a61a62f18cc6c67cef5858323cacb9504f7cf827705639269032e1f42f6845cf7a6e0a032762417a779841d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe

Filesize
468KB

MD5
e0e7e24bb6f84d4df815d9b63df89909

SHA1
3150de4e6d90a32c33d1b36f2cc5714427649ae2

SHA256
17f2b563f2f6d9b70a11db0e3b80f5a2aa1e552fb5cfb9dfc84e35b10a7f5f7d

SHA512
ac873adc49b44cc44f4311c655fa418eddacc757235ba09f9f477eb5b5c39ab48c33d42a01cfa9fa576189c6257d45453ca0cde8e1de482b210c3f1481743670

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe

Filesize
468KB

MD5
0e0464a65fc0d8ebd913516b06cab336

SHA1
feca8b66ea0f0aeb852f89e7efedad24423cecb4

SHA256
3d2a22f9ade2be5a49abbd4e9640c0bb9db704a416a1728fab117862532a8828

SHA512
92099d8dbe928725febcc5034ec32bffd2683bd6974c1507c2b360c14ef83e8c38991ef878432ea44305ec0d01122c7dc9a89305294791234e254179409aa4c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe

Filesize
468KB

MD5
ce74034583475b2ea3270d2d69de24a1

SHA1
16db0ecc3567e8ebcc19e4517e642d0de3b29da5

SHA256
3bf9591fc5c90e49d15dfa896d7d9cee3b5e9f63a38922d68db8cf1c38d00809

SHA512
b0acaea9c3a9adfa6a8545b67ce6a2014f3014b4f8cedab0e2bff042bc193040b33d165689db3b08a8d445491916442c5b5130b7bbe34c34443aed2c0c4c6117

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8424.exe

Filesize
468KB

MD5
eda1febe4a757af29ee49fd1ad5fea2b

SHA1
bdb50bb7b8f5e5dde90d4e17bf75aa9a48038c17

SHA256
aedbb74fe64f21c7892094dc014606725d7abcf5964addc5ab65345d0f8a1fae

SHA512
b1693e30f93ced5c5142473681802cb1b0ea4dd93897e35f0fcba2859889a0c3cf79f9dce985634566a4211541a2ce87631630e8ea1e9d27d09498dd938cfb73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe

Filesize
468KB

MD5
101a187161f3424c16f0f96604b4521a

SHA1
ebf9b725497bc350e07f74983664a698e074eaae

SHA256
f13e15778ba45789019767f98315ec00be5b59f2e53ff3812a7534f30bfc4c5b

SHA512
19da71ed413530745d6bcb0b97c05f4911a3fddb76b099273fc17f2049742b541567f7ca359e7ac5f478fd073826cd1e574078ccefaf6e879188841dbf00e019

Download Submit
memory/224-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/344-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/376-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/524-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/632-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/648-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/684-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/808-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/872-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1136-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1184-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1224-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1276-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1312-222-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1352-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1356-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1368-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1444-300-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1484-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1496-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1532-453-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1728-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1752-451-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1780-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1816-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1824-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1828-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1848-347-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2092-454-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2188-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2444-218-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2464-127-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2564-283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2660-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2836-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2924-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2972-31-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3056-196-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3076-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3200-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3272-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3276-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3424-449-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3432-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3472-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3492-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3520-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3548-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3560-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3568-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3576-436-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3584-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3892-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3928-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3940-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3992-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4052-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4056-151-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4092-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4208-346-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4216-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4224-221-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4224-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4300-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4308-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4312-114-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4328-107-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4336-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4488-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4536-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4728-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4732-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4756-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4840-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4884-204-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4900-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5004-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5056-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5136-490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5164-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5180-492-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5196-493-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5208-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5216-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5248-500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5272-501-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5288-502-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5388-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5408-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5452-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5472-561-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5492-564-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/12912-2942-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15372-2593-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16168-3154-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads