2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96

Analysis

max time kernel
115s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 07:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe
Size

468KB
MD5

2769a0c39c626a7c777608b6612b5d60
SHA1

3c1c1e58c4ed3dda767fc3b55b2daee6fd97cc91
SHA256

2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96
SHA512

f5c612b349f2c777c32b7a2ae7e27d681463c32bd72e4f13f344e9bb8d8856dd352d6a36001d1f455b6e7f1148ed9827eb971faf425806f7c7a1a4eb5ba9682f
SSDEEP

3072:5ZACogbphZJBtbYJPzcBff8/ErhXsKplnlHCxEXxM4+2cpeuEsEh:5Z1om/BtOP4BffSimQM4RMeuE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1204	Unicorn-48414.exe
2004	Unicorn-51678.exe
4172	Unicorn-15668.exe
3672	Unicorn-3733.exe
2380	Unicorn-30275.exe
1996	Unicorn-16540.exe
784	Unicorn-41724.exe
2272	Unicorn-22862.exe
3516	Unicorn-44029.exe
668	Unicorn-31030.exe
4184	Unicorn-13349.exe
4188	Unicorn-64588.exe
4828	Unicorn-53925.exe
1964	Unicorn-55638.exe
2248	Unicorn-24811.exe
2588	Unicorn-16142.exe
2612	Unicorn-42684.exe
2124	Unicorn-32478.exe
5068	Unicorn-20972.exe
4704	Unicorn-49198.exe
3776	Unicorn-24694.exe
720	Unicorn-16452.exe
1436	Unicorn-47476.exe
4052	Unicorn-36540.exe
2200	Unicorn-56414.exe
3840	Unicorn-56414.exe
5024	Unicorn-40005.exe
3196	Unicorn-53077.exe
4912	Unicorn-29916.exe
4384	Unicorn-9827.exe
4176	Unicorn-40846.exe
4484	Unicorn-37316.exe
2844	Unicorn-43150.exe
5104	Unicorn-10020.exe
3424	Unicorn-2117.exe
2772	Unicorn-64509.exe
1460	Unicorn-2309.exe
2632	Unicorn-196.exe
3384	Unicorn-17494.exe
4320	Unicorn-965.exe
2668	Unicorn-50166.exe
1336	Unicorn-34022.exe
3184	Unicorn-3195.exe
736	Unicorn-58526.exe
1652	Unicorn-33451.exe
704	Unicorn-3387.exe
4392	Unicorn-14348.exe
2068	Unicorn-35942.exe
2964	Unicorn-19606.exe
2864	Unicorn-11245.exe
3896	Unicorn-60446.exe
4904	Unicorn-8283.exe
4368	Unicorn-11083.exe
3940	Unicorn-5516.exe
2128	Unicorn-35972.exe
1416	Unicorn-24614.exe
2708	Unicorn-59324.exe
2928	Unicorn-57478.exe
4840	Unicorn-40877.exe
4848	Unicorn-33358.exe
2880	Unicorn-46165.exe
2212	Unicorn-41526.exe
2748	Unicorn-4451.exe
4864	Unicorn-2797.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
7972	3528	WerFault.exe	238
1244	5600	WerFault.exe	241
10864	5840	WerFault.exe	242
11724	5516	WerFault.exe	240
16340	15980	WerFault.exe	772

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8693.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1524.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3484	dwm.exe
Token: SeChangeNotifyPrivilege	3484	dwm.exe
Token: 33	3484	dwm.exe
Token: SeIncBasePriorityPrivilege	3484	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4136	2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe
1204	Unicorn-48414.exe
4172	Unicorn-15668.exe
2004	Unicorn-51678.exe
3672	Unicorn-3733.exe
2380	Unicorn-30275.exe
1996	Unicorn-16540.exe
784	Unicorn-41724.exe
2272	Unicorn-22862.exe
3516	Unicorn-44029.exe
4188	Unicorn-64588.exe
668	Unicorn-31030.exe
4184	Unicorn-13349.exe
4828	Unicorn-53925.exe
1964	Unicorn-55638.exe
2248	Unicorn-24811.exe
2588	Unicorn-16142.exe
2612	Unicorn-42684.exe
2124	Unicorn-32478.exe
5068	Unicorn-20972.exe
4704	Unicorn-49198.exe
3776	Unicorn-24694.exe
720	Unicorn-16452.exe
1436	Unicorn-47476.exe
4052	Unicorn-36540.exe
3840	Unicorn-56414.exe
2200	Unicorn-56414.exe
5024	Unicorn-40005.exe
3196	Unicorn-53077.exe
4912	Unicorn-29916.exe
4384	Unicorn-9827.exe
4176	Unicorn-40846.exe
4484	Unicorn-37316.exe
2844	Unicorn-43150.exe
5104	Unicorn-10020.exe
3424	Unicorn-2117.exe
2772	Unicorn-64509.exe
1460	Unicorn-2309.exe
2632	Unicorn-196.exe
4320	Unicorn-965.exe
3384	Unicorn-17494.exe
2668	Unicorn-50166.exe
1336	Unicorn-34022.exe
1652	Unicorn-33451.exe
4392	Unicorn-14348.exe
736	Unicorn-58526.exe
3184	Unicorn-3195.exe
704	Unicorn-3387.exe
2964	Unicorn-19606.exe
2068	Unicorn-35942.exe
3896	Unicorn-60446.exe
2864	Unicorn-11245.exe
4368	Unicorn-11083.exe
3940	Unicorn-5516.exe
2128	Unicorn-35972.exe
4904	Unicorn-8283.exe
1416	Unicorn-24614.exe
4840	Unicorn-40877.exe
2708	Unicorn-59324.exe
2928	Unicorn-57478.exe
2880	Unicorn-46165.exe
2212	Unicorn-41526.exe
4848	Unicorn-33358.exe
2748	Unicorn-4451.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 1204	4136	2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe	82
PID 4136 wrote to memory of 1204	4136	2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe	82
PID 4136 wrote to memory of 1204	4136	2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe	82
PID 1204 wrote to memory of 2004	1204	Unicorn-48414.exe	87
PID 1204 wrote to memory of 2004	1204	Unicorn-48414.exe	87
PID 1204 wrote to memory of 2004	1204	Unicorn-48414.exe	87
PID 4136 wrote to memory of 4172	4136	2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe	88
PID 4136 wrote to memory of 4172	4136	2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe	88
PID 4136 wrote to memory of 4172	4136	2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe	88
PID 4172 wrote to memory of 3672	4172	Unicorn-15668.exe	90
PID 4172 wrote to memory of 3672	4172	Unicorn-15668.exe	90
PID 4172 wrote to memory of 3672	4172	Unicorn-15668.exe	90
PID 4136 wrote to memory of 2380	4136	2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe	91
PID 4136 wrote to memory of 2380	4136	2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe	91
PID 4136 wrote to memory of 2380	4136	2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe	91
PID 1204 wrote to memory of 1996	1204	Unicorn-48414.exe	92
PID 1204 wrote to memory of 1996	1204	Unicorn-48414.exe	92
PID 1204 wrote to memory of 1996	1204	Unicorn-48414.exe	92
PID 2004 wrote to memory of 784	2004	Unicorn-51678.exe	95
PID 2004 wrote to memory of 784	2004	Unicorn-51678.exe	95
PID 2004 wrote to memory of 784	2004	Unicorn-51678.exe	95
PID 3672 wrote to memory of 2272	3672	Unicorn-3733.exe	96
PID 3672 wrote to memory of 2272	3672	Unicorn-3733.exe	96
PID 3672 wrote to memory of 2272	3672	Unicorn-3733.exe	96
PID 4172 wrote to memory of 3516	4172	Unicorn-15668.exe	97
PID 4172 wrote to memory of 3516	4172	Unicorn-15668.exe	97
PID 4172 wrote to memory of 3516	4172	Unicorn-15668.exe	97
PID 1996 wrote to memory of 668	1996	Unicorn-16540.exe	98
PID 1996 wrote to memory of 668	1996	Unicorn-16540.exe	98
PID 1996 wrote to memory of 668	1996	Unicorn-16540.exe	98
PID 2380 wrote to memory of 4184	2380	Unicorn-30275.exe	99
PID 2380 wrote to memory of 4184	2380	Unicorn-30275.exe	99
PID 2380 wrote to memory of 4184	2380	Unicorn-30275.exe	99
PID 1204 wrote to memory of 4188	1204	Unicorn-48414.exe	100
PID 1204 wrote to memory of 4188	1204	Unicorn-48414.exe	100
PID 1204 wrote to memory of 4188	1204	Unicorn-48414.exe	100
PID 4136 wrote to memory of 4828	4136	2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe	101
PID 4136 wrote to memory of 4828	4136	2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe	101
PID 4136 wrote to memory of 4828	4136	2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe	101
PID 784 wrote to memory of 1964	784	Unicorn-41724.exe	102
PID 784 wrote to memory of 1964	784	Unicorn-41724.exe	102
PID 784 wrote to memory of 1964	784	Unicorn-41724.exe	102
PID 2004 wrote to memory of 2248	2004	Unicorn-51678.exe	103
PID 2004 wrote to memory of 2248	2004	Unicorn-51678.exe	103
PID 2004 wrote to memory of 2248	2004	Unicorn-51678.exe	103
PID 3516 wrote to memory of 2588	3516	Unicorn-44029.exe	104
PID 3516 wrote to memory of 2588	3516	Unicorn-44029.exe	104
PID 3516 wrote to memory of 2588	3516	Unicorn-44029.exe	104
PID 4172 wrote to memory of 2612	4172	Unicorn-15668.exe	105
PID 4172 wrote to memory of 2612	4172	Unicorn-15668.exe	105
PID 4172 wrote to memory of 2612	4172	Unicorn-15668.exe	105
PID 2272 wrote to memory of 2124	2272	Unicorn-22862.exe	106
PID 2272 wrote to memory of 2124	2272	Unicorn-22862.exe	106
PID 2272 wrote to memory of 2124	2272	Unicorn-22862.exe	106
PID 3672 wrote to memory of 5068	3672	Unicorn-3733.exe	107
PID 3672 wrote to memory of 5068	3672	Unicorn-3733.exe	107
PID 3672 wrote to memory of 5068	3672	Unicorn-3733.exe	107
PID 4188 wrote to memory of 4704	4188	Unicorn-64588.exe	108
PID 4188 wrote to memory of 4704	4188	Unicorn-64588.exe	108
PID 4188 wrote to memory of 4704	4188	Unicorn-64588.exe	108
PID 668 wrote to memory of 3776	668	Unicorn-31030.exe	109
PID 668 wrote to memory of 3776	668	Unicorn-31030.exe	109
PID 668 wrote to memory of 3776	668	Unicorn-31030.exe	109
PID 1204 wrote to memory of 720	1204	Unicorn-48414.exe	110

C:\Users\Admin\AppData\Local\Temp\2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe
"C:\Users\Admin\AppData\Local\Temp\2c85989badac5f5d6e53a3c963da645dbc198b1199e45d66a017d7eb6e303d96N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55638.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35942.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        9⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        10⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        10⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
        10⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
        9⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        9⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64299.exe
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
        8⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        8⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        8⤵
        
        PID:16480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64038.exe
        9⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        9⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        9⤵
        
        PID:16640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        8⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe
        8⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        8⤵
        
        PID:15920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51670.exe
        8⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
        8⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43946.exe
        8⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
        7⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39948.exe
        7⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        6⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        7⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        8⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        8⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        8⤵
        
        PID:16652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
        7⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
        7⤵
        
        PID:13496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
        7⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        7⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6395.exe
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        6⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19606.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50877.exe
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        8⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        8⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        8⤵
        
        PID:16796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21779.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe
        8⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        8⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        7⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        7⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        7⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
        8⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50165.exe
        8⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
        8⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        7⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
        7⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        6⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14524.exe
        7⤵
        
        PID:16444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        7⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48317.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
        6⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11083.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34732.exe
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        7⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        7⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14145.exe
        7⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37348.exe
        6⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
        6⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        6⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe
        6⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27525.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25171.exe
        7⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30865.exe
        7⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36108.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        6⤵
        
        PID:13528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        6⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
        6⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
        5⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        6⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
        6⤵
        
        PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59030.exe
        5⤵
        
        PID:14748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24811.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        7⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        9⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        8⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        8⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8619.exe
        8⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
        8⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11378.exe
        8⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        7⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        7⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41054.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        8⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11436.exe
        8⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe
        8⤵
        
        PID:728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33420.exe
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
        7⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
        7⤵
        
        PID:16708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
        7⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        7⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe
        7⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        7⤵
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
        6⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5709.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50061.exe
        7⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48820.exe
        7⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
        7⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37259.exe
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
        6⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        6⤵
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41054.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        7⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        7⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16945.exe
        7⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42932.exe
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        6⤵
        
        PID:15912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
        6⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        6⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        5⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
        5⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50129.exe
        5⤵
        
        PID:996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60446.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
        6⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        8⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
        8⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52445.exe
        7⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
        7⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        7⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
        7⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
        6⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44550.exe
        7⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        7⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
        7⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        6⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1628.exe
        6⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-917.exe
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
        7⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        7⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52069.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42468.exe
        6⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
        6⤵
        
        PID:17840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
        5⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
        6⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38068.exe
        6⤵
        
        PID:16368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
        6⤵
        
        PID:660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65229.exe
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        5⤵
        
        PID:14884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
        5⤵
        
        PID:17828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
        7⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
        7⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27260.exe
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        6⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52957.exe
        6⤵
        
        PID:16960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24425.exe
        6⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
        6⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        6⤵
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        6⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
        5⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        5⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        5⤵
        
        PID:17936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58086.exe
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
        6⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe
        6⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54844.exe
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2116.exe
        5⤵
        
        PID:15528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
      4⤵
      PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        5⤵
        
        PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2507.exe
      4⤵
      PID:11148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22844.exe
      4⤵
      PID:14848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50166.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52574.exe
        7⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        8⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22326.exe
        9⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
        9⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29219.exe
        9⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        9⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        8⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        8⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        8⤵
        
        PID:17120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48354.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        8⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        8⤵
        
        PID:15932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16945.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
        7⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12204.exe
        7⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
        7⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
        6⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        7⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
        7⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-67.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-67.exe
        7⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
        6⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49646.exe
        7⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
        7⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-417.exe
        7⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49468.exe
        6⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21485.exe
        6⤵
        
        PID:17364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
        6⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        6⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
        8⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30860.exe
        9⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
        8⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        8⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21315.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        7⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36268.exe
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        7⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
        7⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
        7⤵
        
        PID:16432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
        7⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38884.exe
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37461.exe
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35931.exe
        6⤵
        
        PID:17000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16250.exe
        6⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
        5⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
        6⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53021.exe
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        6⤵
        
        PID:14956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15290.exe
        6⤵
        
        PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42429.exe
        5⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
        6⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe
        5⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25817.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9827.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        6⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        7⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
        7⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49314.exe
        7⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57333.exe
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
        6⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8089.exe
        6⤵
        
        PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        6⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
        6⤵
        
        PID:16116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31939.exe
        6⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        5⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        5⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51867.exe
        5⤵
        
        PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10213.exe
        6⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
        6⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24566.exe
        6⤵
        
        PID:11856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        6⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        6⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        5⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
        5⤵
        
        PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61620.exe
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58070.exe
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-717.exe
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        6⤵
        
        PID:13764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48083.exe
        6⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3636.exe
        5⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41124.exe
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
        5⤵
        
        PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41540.exe
      4⤵
      PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38068.exe
        5⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
        5⤵
        
        PID:15608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
      4⤵
      PID:11200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28179.exe
      4⤵
      PID:14856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-965.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        6⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
        8⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31363.exe
        8⤵
        
        PID:17140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26772.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        8⤵
        
        PID:17444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
        7⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        7⤵
        
        PID:17128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
        7⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        7⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41124.exe
        7⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        7⤵
        
        PID:16680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
        7⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4867.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
        6⤵
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        6⤵
        
        PID:16272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7890.exe
        6⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        5⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
        6⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 688
        7⤵
        Program crash
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
        6⤵
        
        PID:16064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63531.exe
        6⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19366.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        6⤵
        
        PID:15940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49619.exe
        6⤵
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13524.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62069.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        5⤵
        
        PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50390.exe
        6⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe
        7⤵
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
        7⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        6⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26267.exe
        6⤵
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34940.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13147.exe
        5⤵
        
        PID:11440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        5⤵
        
        PID:15664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        5⤵
        
        PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
        5⤵
        
        PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
      4⤵
      PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
      4⤵
      PID:12072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
      4⤵
      PID:16040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16452.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6269.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31747.exe
        7⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        6⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        6⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
        6⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
        6⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        6⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        6⤵
        
        PID:15924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        6⤵
        
        PID:16152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        5⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-171.exe
        5⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        5⤵
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
      4⤵
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41054.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17860.exe
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        6⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22811.exe
        6⤵
        
        PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26596.exe
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64948.exe
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        5⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe
        5⤵
        
        PID:7856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52038.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        5⤵
        
        PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
      4⤵
      PID:10524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
      4⤵
      PID:15276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
      4⤵
      PID:5140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44214.exe
      4⤵
      PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50390.exe
        6⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        7⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        7⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        6⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        6⤵
        
        PID:15576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
        6⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
        5⤵
        
        PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37652.exe
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        5⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7705.exe
        5⤵
        
        PID:17908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
      4⤵
      PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        5⤵
        
        PID:9092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15660.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47092.exe
        5⤵
        
        PID:16936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe
      4⤵
      PID:6204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe
      4⤵
      PID:14636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
      4⤵
      PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
      4⤵
      PID:4668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
    3⤵
    PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        5⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33356.exe
        6⤵
        
        PID:16920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
        6⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        5⤵
        
        PID:13192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
        5⤵
        
        PID:16660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
      4⤵
      PID:10064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
      4⤵
      PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30858.exe
      4⤵
      PID:3084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
    3⤵
    PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
      4⤵
      PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
      4⤵
      PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
      4⤵
      PID:2376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34595.exe
    3⤵
    PID:9584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
    3⤵
    PID:3984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15668.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15668.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3733.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2117.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
        7⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        9⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        10⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        10⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        9⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
        9⤵
        
        PID:16184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        9⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17836.exe
        8⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
        8⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        8⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
        8⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        8⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        8⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52957.exe
        8⤵
        
        PID:16948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
        7⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        7⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
        7⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48853.exe
        6⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
        7⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 632
        8⤵
        Program crash
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
        7⤵
        
        PID:17208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
        7⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        7⤵
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        6⤵
        
        PID:18068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64509.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61702.exe
        6⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
        8⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        8⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9860.exe
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        7⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46626.exe
        7⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
        7⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        7⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe
        7⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32401.exe
        7⤵
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        6⤵
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
        6⤵
        
        PID:17964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        5⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45382.exe
        6⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 632
        7⤵
        Program crash
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        6⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49725.exe
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
        6⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        6⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4859.exe
        5⤵
        
        PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39172.exe
        5⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39062.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63435.exe
        5⤵
        
        PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20972.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17494.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62662.exe
        6⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
        7⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 604
        8⤵
        Program crash
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        7⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
        7⤵
        
        PID:16540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1717.exe
        7⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        7⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
        6⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37669.exe
        6⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
        6⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51541.exe
        5⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        6⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47891.exe
        7⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        6⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        6⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
        5⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10180.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        6⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        6⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9580.exe
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        5⤵
        
        PID:15096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52433.exe
        5⤵
        
        PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
        5⤵
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63446.exe
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        7⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
        7⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18748.exe
        6⤵
        
        PID:16412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23465.exe
        6⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44069.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
        6⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        6⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        6⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-171.exe
        5⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
        5⤵
        
        PID:17972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
      4⤵
      PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        6⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        6⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        5⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        5⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        5⤵
        
        PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23955.exe
      4⤵
      PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        5⤵
        
        PID:10808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        5⤵
        
        PID:16808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
      4⤵
      PID:360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
      4⤵
      PID:12944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
      4⤵
      PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44780.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
      4⤵
      PID:6668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33358.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2517.exe
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        8⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2187.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
        8⤵
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22828.exe
        7⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1427.exe
        7⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        7⤵
        
        PID:17104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50862.exe
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61.exe
        8⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        8⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19204.exe
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        7⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45796.exe
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52142.exe
        7⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        7⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
        7⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
        6⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        6⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        6⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
        6⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24822.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        8⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
        8⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        7⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
        7⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55562.exe
        7⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        6⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45318.exe
        7⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        7⤵
        
        PID:16492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        7⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1628.exe
        6⤵
        
        PID:14732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
        6⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31363.exe
        5⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59518.exe
        6⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
        6⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
        6⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
        6⤵
        
        PID:17876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
        5⤵
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10347.exe
        5⤵
        
        PID:11332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        5⤵
        
        PID:13980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37316.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        6⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe
        8⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        8⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        8⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3682.exe
        8⤵
        
        PID:18104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        7⤵
        
        PID:16984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        6⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62573.exe
        7⤵
        
        PID:15412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57978.exe
        7⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48884.exe
        6⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
        6⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        6⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
        6⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        5⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        5⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64764.exe
        5⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
        5⤵
        
        PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10877.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
        7⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        7⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
        7⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33420.exe
        6⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
        6⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        6⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        6⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        5⤵
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
        5⤵
        
        PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
      4⤵
      PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        5⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        5⤵
        
        PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
      4⤵
      PID:11072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
      4⤵
      PID:14060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42153.exe
      4⤵
      PID:4468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2797.exe
        5⤵
        Executes dropped EXE
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51213.exe
        7⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
        7⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        7⤵
        
        PID:17928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26388.exe
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        6⤵
        
        PID:12284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
        6⤵
        
        PID:16092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        6⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28190.exe
        6⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        6⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
        6⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        6⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        5⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
        6⤵
        
        PID:13012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        6⤵
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42794.exe
        6⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64764.exe
        5⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
        5⤵
        
        PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
      4⤵
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
        7⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
        5⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
        5⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
        5⤵
        
        PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
      4⤵
      PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
        5⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        6⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16945.exe
        6⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        5⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        5⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52386.exe
        5⤵
        
        PID:15556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34851.exe
      4⤵
      PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
      4⤵
      PID:15656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
      4⤵
      PID:8144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
      4⤵
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61806.exe
        5⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        6⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
        7⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        6⤵
        
        PID:15240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        5⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
        6⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        6⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59364.exe
        5⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57845.exe
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24610.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        5⤵
        
        PID:16644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40508.exe
      4⤵
      PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
      4⤵
      PID:6432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
    3⤵
    PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        6⤵
        
        PID:16232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
        6⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        5⤵
        
        PID:14144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
      4⤵
      PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32939.exe
      4⤵
      PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1235.exe
      4⤵
      PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
      4⤵
      PID:15920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe
      4⤵
      PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
      4⤵
      PID:12156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
      4⤵
      PID:16148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
      4⤵
      PID:17868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
    3⤵
    PID:8344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45947.exe
    3⤵
    PID:12244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32756.exe
    3⤵
    PID:15788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51490.exe
    3⤵
    PID:6704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35972.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        5⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8101.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        7⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27108.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        7⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44093.exe
        6⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        6⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        6⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        6⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40637.exe
        5⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64764.exe
        5⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24418.exe
        5⤵
        
        PID:17896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        6⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1820.exe
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
        6⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        6⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33420.exe
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12220.exe
        5⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14714.exe
        5⤵
        
        PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe
      4⤵
      PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63573.exe
      4⤵
      PID:9768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
      4⤵
      PID:14296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
      4⤵
      PID:3996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27140.exe
        5⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16758.exe
        6⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13797.exe
        7⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        7⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10505.exe
        7⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6132.exe
        6⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34211.exe
        6⤵
        
        PID:15132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40762.exe
        6⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        5⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        5⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        5⤵
        
        PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59133.exe
      4⤵
      PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        6⤵
        
        PID:15980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15980 -s 444
        7⤵
        Program crash
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        6⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31204.exe
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
        5⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
        5⤵
        
        PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45116.exe
      4⤵
      PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64845.exe
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
      4⤵
      PID:14788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54686.exe
      4⤵
      PID:724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe
        6⤵
        
        PID:12576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17137.exe
        6⤵
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        5⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        5⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
        5⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22882.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60789.exe
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        5⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe
        5⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        5⤵
        
        PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24187.exe
      4⤵
      PID:9252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
      4⤵
      PID:13628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33316.exe
      4⤵
      PID:15344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62013.exe
    3⤵
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        5⤵
        
        PID:9428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        5⤵
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
        5⤵
        
        PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
      4⤵
      PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
      4⤵
      PID:14020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
      4⤵
      PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
      4⤵
      PID:7576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
    3⤵
    PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5437.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
      4⤵
      PID:16304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe
      4⤵
      PID:9184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
    3⤵
    PID:14564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
    3⤵
    PID:17096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
    3⤵
    PID:6972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        6⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        7⤵
        
        PID:716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        6⤵
        
        PID:15888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        5⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26307.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        5⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
        5⤵
        
        PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33772.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        6⤵
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53074.exe
        6⤵
        
        PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        5⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
        5⤵
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
      4⤵
      PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        5⤵
        
        PID:15972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38805.exe
      4⤵
      PID:10384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
      4⤵
      PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        6⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7035.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe
        6⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31803.exe
        5⤵
        
        PID:13832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28883.exe
      4⤵
      PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
      4⤵
      PID:11128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
      4⤵
      PID:17056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
      4⤵
      PID:8976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10612.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28190.exe
      4⤵
      PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
        5⤵
        
        PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
      4⤵
      PID:11864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29219.exe
      4⤵
      PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
      4⤵
      PID:6664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
    3⤵
    PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
      4⤵
      PID:5800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
    3⤵
    PID:12136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
    3⤵
    PID:16100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33601.exe
    3⤵
    PID:5232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11541.exe
      4⤵
      PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        6⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
        6⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63692.exe
        5⤵
        
        PID:12496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        5⤵
        
        PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        5⤵
        
        PID:10436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        5⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
      4⤵
      PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe
      4⤵
      PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
      4⤵
      PID:17112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
      4⤵
      PID:5548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
    3⤵
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34350.exe
        5⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        5⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
        5⤵
        
        PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
      4⤵
      PID:10036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
      4⤵
      PID:14308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
      4⤵
      PID:1756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
    3⤵
    PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
      4⤵
      PID:11008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
      4⤵
      PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
    3⤵
    PID:9356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
    3⤵
    PID:13888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
    3⤵
    PID:17140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
    3⤵
    PID:4980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe
    3⤵
    PID:15840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57893.exe
    3⤵
    PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19958.exe
        5⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
        5⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
        5⤵
        
        PID:7880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39180.exe
      4⤵
      PID:8268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
      4⤵
      PID:13804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
      4⤵
      PID:1960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
    3⤵
    PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
      4⤵
      PID:11132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
      4⤵
      PID:15308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60084.exe
      4⤵
      PID:3976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32173.exe
    3⤵
    PID:11140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49468.exe
    3⤵
    PID:15672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11785.exe
    3⤵
    PID:616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46286.exe
  2⤵
  PID:3436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
    3⤵
    PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe
      4⤵
      PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
      4⤵
      PID:11520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37388.exe
      4⤵
      PID:16400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7818.exe
      4⤵
      PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
    3⤵
    PID:8628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
    3⤵
    PID:12820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
    3⤵
    PID:1884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-113.exe
    3⤵
    PID:8836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
  2⤵
  PID:7144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8805.exe
    3⤵
    PID:12216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:16012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
    3⤵
    PID:1364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
  2⤵
  PID:9704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
  2⤵
  PID:14080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14322.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14322.exe
  2⤵
  PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3528 -ip 3528
1⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5600 -ip 5600
1⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5840 -ip 5840
1⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5516 -ip 5516
1⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 15412 -ip 15412
1⤵
PID:17084

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe

Filesize
468KB

MD5
ffb1e7b84b3a3e36b2bcd03dc6ab9a8b

SHA1
df75fde06d917defa9a606f5549f92e03fd734ba

SHA256
5a0aeba23f1617497f5734c36aaec94a981248b4f56cb18ce61befd58968b0b5

SHA512
1b72379c70016628ba8edbcf612ad1a7d8689eb952a9c039a18710e876639bd82d0dbf89e1dc223cc2a524293667c68ade8f2e10f533e80635d9c36a37cf6cb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15668.exe

Filesize
468KB

MD5
5016c96e385dc265c6ea2beb9af5e3a1

SHA1
b4f68df26d4e6422268d6751f7c433bc852d769a

SHA256
34d7c939c783819bb7e04a2fcbe368a517e5a131c6a9d01d9dc9ff2d2ffa2d42

SHA512
ebb4158da9d41e6f6a921cf65e44c3d29c52e69956d4af7cd2f31be4be47f59eda1688f3b5d784719118101b2cac538d66ff2adc538670ee162279e8b9f50052

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe

Filesize
468KB

MD5
d6895f980c21f81cf951a183dbbace5f

SHA1
d29837f310b4f19e88d3473d38e937bd6974ec5e

SHA256
9eeaf075429272601254b4bb9be3e00c0527f0a9c0579f734e4195de30bbc8e0

SHA512
3767437f89e6fd7102b88fd1cefaa63a2e1430cf1f233260df7a575666eec9b034bb09f1c68fd178345a90a3ea3e9db93dd7f3cc84cb8bc7ab44b0776286ad28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16452.exe

Filesize
468KB

MD5
9372d1957665c5ef98e6c806ace0bb7b

SHA1
944311eacea793f62027cd782efce7bc17fabfbb

SHA256
5fec31a4fea1cfb74f6d41fc8186132c0537feda3d81c2022c32236194629685

SHA512
6a1cab1021b517fc37265ddc1fbc934cda01a9e984b9ada3e31a290762452be7e29440d2727ccd52d5860e481870fecd691600c5e7e579dcacc215bf94a3ee4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe

Filesize
468KB

MD5
37f23c41508d974d08ca13fe421ea094

SHA1
e7c9abc2f8a62f88473787eac5df7a82cef948b6

SHA256
afe3b3e337d7f2b6d93798eab85d79b4445df83e453683a310cb8a4e5a78a72d

SHA512
2798f1b410db18f62603d229f273706768f42c0baa8e070473bbd87ea2377e719055d6b8955767eede83ae191ca64ac46a88664c36a0e0c1f9033510345ffbf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20972.exe

Filesize
468KB

MD5
d4c9361c7d9ce7fe6d19f58c5f5fa437

SHA1
a1db4a65a6e9558cd4bef0a3e5855e293e4291a5

SHA256
013d04eb4310d01e96a5810f1e98b808e890f4cc9bd679c18e13649666f45f4d

SHA512
bc2d906739b116c6f2dd7e9043afee27ffce84d06fe02a81931c7d1937260ad8fba027181bcac5ebd9597fe33303b3609572bd8623b3543811b7b13d67916fc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe

Filesize
468KB

MD5
85274382110e2f134c5a3c837b0aa600

SHA1
1ce0a68c21d5bbb75df9103d152f593965927154

SHA256
b6a3a242d0dd92507664c904dd1862f978ae1ce4aa02a00ff5938fdf9c3b9c2a

SHA512
575a9f42164785d8e8ab64135800713e54490be56c0bf0db0c0f80b85e169b7039993ae6d32e7b28dc896693b714022bcdaff5182d3549c3a117bd3bd5cb17cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24694.exe

Filesize
468KB

MD5
eb9b6ab9e38bcc83ba18336a52c9b4d8

SHA1
6c1b93161c5aec230a66dd1014c59a53a8eee5f7

SHA256
3b4c730ac154c06b59c3311d1b68abd65cd01ce860b3ce14b19f304beab3be9f

SHA512
d96f24a233fc93d8479c2cb685b7dc0b24317e50fbe503d6edfd1d0dfdfe3a619579106f20722fa40678e5229fb4574682c07f2230f381ec9b43c150ce88fb56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24811.exe

Filesize
468KB

MD5
87b7feb2d3ecfbf3d6c05c0cccfa9e47

SHA1
c5ab52e8e207a7b949c7547811e2ca9397abbab5

SHA256
9d2818e047797627a8c660c6443a5a7cd7102d0837df8a8f49970236a496ae2f

SHA512
28cb405e43294bfa56c23453d4eb514d553cba214f82abff1ed5cbc4d1e48dba0b9cfdd86e0a8cda811a7869ddbe71032afcfdcdacaa800455bf14519cc493fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe

Filesize
468KB

MD5
42a2ce4e75047941f2c20b2d0d247c82

SHA1
8b6f2f9992fa1d573f233a19d8b9e3b763f6f120

SHA256
3841291562119350e3c06ddfdd3c22ed4d0c02cd8fb635160fabde6a1e6809c0

SHA512
19ef006a0e4ae2d2703e1f08e3782326b3063813f2cef847f6970980c53d518553b12d04ec1f638254452727300a0d6eed32d7652bbc8d24784a7f1f1ebca76d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe

Filesize
468KB

MD5
25b47ade10a8d4578c861e821afb61dc

SHA1
5622820ab62d4bdc8dae8a627fdf545ccf21e889

SHA256
db3019e68a002ba28433b4cebff4f80cb1f303c468f0861292f6216e1e0c55b2

SHA512
c7b98c1f3cf8df36835613b8846896b481d11b380faac17710e7c8be8576f08e40c648111d0d182f1654decb55d67fb6fce79f7cf868485353795976de203032

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe

Filesize
468KB

MD5
00732f540cb42bc163d8234705a0c2fd

SHA1
274bf53edd28455a50aa333d4d9548ccbeb243d5

SHA256
affefb780c781eac9c0b3c2210b60cb768d964ae1ebbeacb07df6606136d0cc0

SHA512
61e6cfc90645b706e230ef3ea7c78163494375a20d8d1548073caba4c774763d9b6c265593ae92b135fd77ac630912698a8c5c769230f05c702731928904ffe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe

Filesize
468KB

MD5
3f18b0eba432d9e1069f2633d65a1e62

SHA1
eefe53f5e44e68b6a4a0709cf5f4718904c269c0

SHA256
45adf18555a1d6bd9ee89767483c7577a763269582330e21c32ccac87fd69a91

SHA512
59e79670187d466bc146d5952c656cd5fbe7ef5a1f2857039b299d89d235eaaffc2bb84139c7a729a53c3dbfb14b8bbfb458d6cc84ebedaf432726fd80726189

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe

Filesize
468KB

MD5
2bb066410ebab651da80177c0701f775

SHA1
e54a9d2706f1528f03c7926de078e7cb0f82ccf6

SHA256
11249c9315349fc4979b1235eb6487eb29ce3b50670aa7060fe59e4b1c40a82d

SHA512
43cb5a5c0168f3ae7974653149b851502014914043fb4e52b9fd79c64c38cba20c88c7728308959cc7a1e6e33a0f37313f2e2fa307ee09683eab421ab254e7e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3733.exe

Filesize
468KB

MD5
761462c7c99568951cc66fe1187a4d93

SHA1
e4e2375c936b4f2ae238d3b6dbd52130cf6e9f78

SHA256
84b701109d14f9f6e9750bff6284c30ccccde2d15e2d2f507ce6b3d049331a74

SHA512
61afe0b4699d437ee1a6cdc07b9aaa088337daa9491a9e9501370ac833809f10bc5373c1c49254d41c268562927cfd7141a731b06043382d2d38af865f8418cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe

Filesize
468KB

MD5
7de9d47f9ff5104f888bef1c83be0890

SHA1
ab4f202d654c67a665a7b0c9b45720514bb35435

SHA256
c4103a221f293bac73548a3f729707cb708014dae09770e05ed3798e52b5c36b

SHA512
cf32c12aad4cbf1548ae32cd85e9c78742ae977fe7c73d8dd5f004ba45f9922439910c13a64934381cbfe0db750bf4d4f92abc911aafddf8924c4a9aeb48ace9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe

Filesize
468KB

MD5
b72e3b6f9813779f2c406660313db57b

SHA1
3502161994b9bbf99e73de0b3cf6b59961164895

SHA256
99c61c923b09db7811fa6114cf831683fc7e83bcbaeb72dbd6a6ff7774f61ad5

SHA512
c63f0e6c98f5b38c010ec50af74ee2fef125d47d966c041b116e9c0970a5b03f369be4edf52e1997cdbd45ad1bdb6e18e6a24c15081778433cc009e8cb8949ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe

Filesize
468KB

MD5
2e715be21f2337d059320f50ebe73c75

SHA1
688addef007dbcd7993e5953b13e6b35130697ca

SHA256
d65b2c45c7fa40fbc7407a2c741f49e731c7dcf24981bb22e427f3db4e67ef83

SHA512
96a9567fcaef60111f278a7efdc59356e71ece85b8865897cb2fa9781e0a3860acb1aca2b064a40e2ede1134514779ea5e98a8dd6b464071737b2f7a728318f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe

Filesize
468KB

MD5
454727577b64c9c5fc70f45075d787d8

SHA1
0e5a354350a6c4150c835f955e99103fa586b020

SHA256
74da17fd5f92c6652b31f359551195b49b1a06a1793022fac8f49cfff026cd4c

SHA512
ac208b93c9d7473f2ee39aded72697e4a37c4a247280608eb51ec82635284c44a0b809de226ee879dd0d6e19996f805849b73c0d7e4c776093d0f6afbcefee30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe

Filesize
468KB

MD5
52c6cdf6b2544232c012a676e1153912

SHA1
d1e224a96dcc6d53f3c0ea63c228d711337ab1c9

SHA256
fc79e1888a492add0a7945f5b4f7e0eaed1fe7830dd1fd231b4a4879aa9dadab

SHA512
868653a9f37dd24b9a080a4f07c5df03b64def569382257de3361c6a86ce6898638c13345e073dc2ce2a94670c62ab482c09b89cd4881722803bfc126ebf23b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe

Filesize
468KB

MD5
a68f8d3c8b4a3d75b5dd1733b919084f

SHA1
740dc0bd3dd391f1d1e30a3b0d60406c9c820311

SHA256
7f7463227cb9d70018bac18f7f3e48e5a17d95689e07dc3a3956a9a2aaaa9406

SHA512
38c6aad36e24737099e7b1b098bd6ffc0ff8d55ae153fe442c987e5602092cef11f26facbdd214f63a074b6b9f015889087ec7225f5aebf0da92a5286da65525

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe

Filesize
468KB

MD5
0e56fbf2d1bd31be5ffa3649b8eee6ad

SHA1
972b3dc5749f7fc25fde60467eff53d5ef12b3d8

SHA256
4c55b49bf204c9631ebd56ad67f79da8b5e3585525b108c5be51f8c2e8402029

SHA512
715ff6454c8acc73e14334c01cdd709340cada5f0038d077c1832d52377d50ec5f52ddea11b07910d0addeb3d396115ed9e0733ee2614b8edffbb72bed9f2255

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe

Filesize
468KB

MD5
2d28e4768446bbacd056ea15608d1296

SHA1
d0e27ee7396d0407362a2a4e799f4f4a38731242

SHA256
c7367589c9c35108d16b10418821999ad1911722b5d839e9ceca49f91bd4e9d8

SHA512
d96f0f6a0eb5bdded9ff8208d532c5610d9b02952aaa1459bce042dded3015acd26a5b89333fb8b124394b23cd03b88c7e4bce665c02363ee9db7d9fb55b7f4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe

Filesize
468KB

MD5
ff6d5c2769b2d2a5ce9738df928eb23c

SHA1
000fa0a0c588c409437f865b1dc8ad290f2aad06

SHA256
12f8c7d083a4d848f07aa8749442cdfba9481d4473e8179623f8561069c4ed9f

SHA512
5070220c2b5b17660d1b6760d459de39ff7c8db3f43e19ff7fb025f45eb6c24d19ab5045bdb76c2420a4e2d57d2a82accd68e0cbf552ec2bed03fd4c66f5f1a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe

Filesize
468KB

MD5
5da7532ab6cb5eeae619663eaeb1964a

SHA1
9c002fac9251f90bc47323f87a946abb684c4b29

SHA256
905cf7511de0810a682378c2181d2e3a81f0eb3040875c86c058f7eefb17a601

SHA512
44e6d89de49b3684d7c9ae23c1992204e36f1a75ef3f4407121981036d5893acc2e993c3898e071e4c56fa47bd4bb06999ea94c11345ab513d4c5bc22da25cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55638.exe

Filesize
468KB

MD5
1aaafad623b7a346a2b22c0a983e3961

SHA1
1d6b95a68626b4ed3302efc155288e52094da8a9

SHA256
80b0c70ec23bbf2600f83975133bdac164b3b4d846dd351ddf0f38929d8f8ae7

SHA512
3c0624a813aa26baba84962ab6ddb8423897b4b59b087ab3c0f5bac640b601497f9ff035461190dac6cc48b67d9eed031b537dd5c1b3286fe9b97e3158612afe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe

Filesize
468KB

MD5
357799513b72ad938d9834e449e037a9

SHA1
f700183851389d9f8df1b0c2d54cb54bf1dbbb67

SHA256
5738ee099436332fe900523ef9b95fed7a2e0f86cc3b9fae05ce05027830a7a9

SHA512
a2b3133b7295dfd7348f9df98881cef5c6f9befc0760739948bee9bb2140fd021e612ee0b4d99318581f28d5c459a52220ed81a441fe48b84dfd71bcc1327339

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe

Filesize
468KB

MD5
ada8166e52c891ba9c6612d46da87d9a

SHA1
325eb1016d3429f581dc32d253e96668c67b65a6

SHA256
1e4cd11a7ceef469ef077e124175e5687a92d3508840be52174550455679500d

SHA512
4295d535f9073789c4da78a319896bf738f93120378b1abcfb0241d82e2342db49d6d61bfb8772089217afa69efa84b9ee8f712f346a9772f8d7f8ba5a041c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9827.exe

Filesize
468KB

MD5
af4ab2c22a182bed7bd93cf6cb220164

SHA1
4a1864db919c2e826852601d296370adc0bdc63c

SHA256
7717ec2a4f336b1ad537af2943db8986f1b6ae34a72dbb1424f49369f65d3fbc

SHA512
80c74ed9b1bacd36b217c7950e6732c1b95d9247d10671fdaa62382dd260ce03540f61e7adea3a0e1754b72767abe481aeddc7e7f623b4a5bc79b624925d5f5c

Download Submit
memory/784-2813-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads