689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73

Analysis

max time kernel
118s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 06:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe
Size

468KB
MD5

4e116830e2896d76aed26a7bad125630
SHA1

8dff09f3839d335efbf5f2925f923fe65e6b88e8
SHA256

689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73
SHA512

bd2f9113fe933f54ab6b041357292797efa691f93a375f47dc4f3fbffd0b45ebe29cadf1b29fc6abbcf6bbce366060c32111f2891a8a1bb55aa38de9ca7c8e3d
SSDEEP

3072:4bejogxaIU57tbYZPzcfmbfD/n2DnsIH/QgyeQVqjA5KkkT3uxuld:4b+oCc7tCP4fmbfraHzA5Dq3ux

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
220	Unicorn-39120.exe
3984	Unicorn-30480.exe
536	Unicorn-51263.exe
392	Unicorn-56349.exe
1476	Unicorn-53396.exe
4032	Unicorn-48757.exe
2364	Unicorn-17053.exe
3180	Unicorn-50192.exe
4536	Unicorn-64068.exe
452	Unicorn-41640.exe
4168	Unicorn-3906.exe
4388	Unicorn-17939.exe
3344	Unicorn-18205.exe
760	Unicorn-25880.exe
1576	Unicorn-22350.exe
344	Unicorn-55184.exe
2268	Unicorn-23389.exe
3820	Unicorn-17258.exe
2368	Unicorn-3331.exe
3788	Unicorn-29720.exe
3160	Unicorn-34550.exe
1804	Unicorn-19160.exe
2496	Unicorn-35496.exe
4024	Unicorn-3892.exe
424	Unicorn-23990.exe
3776	Unicorn-19963.exe
3616	Unicorn-20229.exe
3664	Unicorn-10805.exe
1700	Unicorn-65407.exe
3244	Unicorn-29941.exe
2980	Unicorn-46544.exe
1484	Unicorn-12262.exe
3296	Unicorn-48656.exe
924	Unicorn-13139.exe
2436	Unicorn-33005.exe
2156	Unicorn-54172.exe
4688	Unicorn-16403.exe
1188	Unicorn-16669.exe
544	Unicorn-2946.exe
332	Unicorn-9076.exe
4680	Unicorn-29174.exe
1968	Unicorn-9770.exe
2360	Unicorn-38288.exe
620	Unicorn-13399.exe
2400	Unicorn-21568.exe
4952	Unicorn-63669.exe
1316	Unicorn-18230.exe
4528	Unicorn-6300.exe
1356	Unicorn-28511.exe
2216	Unicorn-28776.exe
740	Unicorn-60679.exe
3184	Unicorn-8910.exe
2696	Unicorn-12439.exe
3104	Unicorn-31005.exe
1992	Unicorn-17270.exe
1076	Unicorn-4578.exe
4760	Unicorn-7378.exe
460	Unicorn-1012.exe
2644	Unicorn-54852.exe
228	Unicorn-5459.exe
4660	Unicorn-25901.exe
4812	Unicorn-35230.exe
2300	Unicorn-41360.exe
4632	Unicorn-4774.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
7176	5988	WerFault.exe
8144	5328	WerFault.exe	276
12456	6020	WerFault.exe	279
16672	6776	WerFault.exe	445
16684	15420	WerFault.exe	778
16720	15888	WerFault.exe	761

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53603.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44902.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60578.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17560	dwm.exe
Token: SeChangeNotifyPrivilege	17560	dwm.exe
Token: 33	17560	dwm.exe
Token: SeIncBasePriorityPrivilege	17560	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2736	689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe
220	Unicorn-39120.exe
3984	Unicorn-30480.exe
536	Unicorn-51263.exe
392	Unicorn-56349.exe
1476	Unicorn-53396.exe
2364	Unicorn-17053.exe
4032	Unicorn-48757.exe
4536	Unicorn-64068.exe
3180	Unicorn-50192.exe
452	Unicorn-41640.exe
3344	Unicorn-18205.exe
4168	Unicorn-3906.exe
760	Unicorn-25880.exe
1576	Unicorn-22350.exe
4388	Unicorn-17939.exe
3820	Unicorn-17258.exe
2268	Unicorn-23389.exe
344	Unicorn-55184.exe
2368	Unicorn-3331.exe
3788	Unicorn-29720.exe
3160	Unicorn-34550.exe
3244	Unicorn-29941.exe
1700	Unicorn-65407.exe
424	Unicorn-23990.exe
4024	Unicorn-3892.exe
3616	Unicorn-20229.exe
1804	Unicorn-19160.exe
3664	Unicorn-10805.exe
3776	Unicorn-19963.exe
2496	Unicorn-35496.exe
2980	Unicorn-46544.exe
1484	Unicorn-12262.exe
3296	Unicorn-48656.exe
924	Unicorn-13139.exe
2436	Unicorn-33005.exe
2156	Unicorn-54172.exe
4688	Unicorn-16403.exe
1188	Unicorn-16669.exe
544	Unicorn-2946.exe
4680	Unicorn-29174.exe
332	Unicorn-9076.exe
1968	Unicorn-9770.exe
2360	Unicorn-38288.exe
620	Unicorn-13399.exe
2400	Unicorn-21568.exe
1316	Unicorn-18230.exe
4952	Unicorn-63669.exe
740	Unicorn-60679.exe
1356	Unicorn-28511.exe
2696	Unicorn-12439.exe
4760	Unicorn-7378.exe
2216	Unicorn-28776.exe
1076	Unicorn-4578.exe
3184	Unicorn-8910.exe
4528	Unicorn-6300.exe
3104	Unicorn-31005.exe
1992	Unicorn-17270.exe
460	Unicorn-1012.exe
2644	Unicorn-54852.exe
228	Unicorn-5459.exe
4660	Unicorn-25901.exe
4812	Unicorn-35230.exe
4632	Unicorn-4774.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 220	2736	689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe	90
PID 2736 wrote to memory of 220	2736	689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe	90
PID 2736 wrote to memory of 220	2736	689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe	90
PID 220 wrote to memory of 3984	220	Unicorn-39120.exe	93
PID 220 wrote to memory of 3984	220	Unicorn-39120.exe	93
PID 220 wrote to memory of 3984	220	Unicorn-39120.exe	93
PID 2736 wrote to memory of 536	2736	689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe	94
PID 2736 wrote to memory of 536	2736	689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe	94
PID 2736 wrote to memory of 536	2736	689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe	94
PID 3984 wrote to memory of 392	3984	Unicorn-30480.exe	96
PID 3984 wrote to memory of 392	3984	Unicorn-30480.exe	96
PID 3984 wrote to memory of 392	3984	Unicorn-30480.exe	96
PID 220 wrote to memory of 1476	220	Unicorn-39120.exe	97
PID 220 wrote to memory of 1476	220	Unicorn-39120.exe	97
PID 220 wrote to memory of 1476	220	Unicorn-39120.exe	97
PID 536 wrote to memory of 4032	536	Unicorn-51263.exe	98
PID 536 wrote to memory of 4032	536	Unicorn-51263.exe	98
PID 536 wrote to memory of 4032	536	Unicorn-51263.exe	98
PID 2736 wrote to memory of 2364	2736	689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe	99
PID 2736 wrote to memory of 2364	2736	689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe	99
PID 2736 wrote to memory of 2364	2736	689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe	99
PID 392 wrote to memory of 3180	392	Unicorn-56349.exe	102
PID 392 wrote to memory of 3180	392	Unicorn-56349.exe	102
PID 392 wrote to memory of 3180	392	Unicorn-56349.exe	102
PID 3984 wrote to memory of 4536	3984	Unicorn-30480.exe	103
PID 3984 wrote to memory of 4536	3984	Unicorn-30480.exe	103
PID 3984 wrote to memory of 4536	3984	Unicorn-30480.exe	103
PID 1476 wrote to memory of 452	1476	Unicorn-53396.exe	104
PID 1476 wrote to memory of 452	1476	Unicorn-53396.exe	104
PID 1476 wrote to memory of 452	1476	Unicorn-53396.exe	104
PID 220 wrote to memory of 4168	220	Unicorn-39120.exe	105
PID 220 wrote to memory of 4168	220	Unicorn-39120.exe	105
PID 220 wrote to memory of 4168	220	Unicorn-39120.exe	105
PID 2736 wrote to memory of 4388	2736	689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe	106
PID 2736 wrote to memory of 4388	2736	689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe	106
PID 2736 wrote to memory of 4388	2736	689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe	106
PID 2364 wrote to memory of 3344	2364	Unicorn-17053.exe	107
PID 2364 wrote to memory of 3344	2364	Unicorn-17053.exe	107
PID 2364 wrote to memory of 3344	2364	Unicorn-17053.exe	107
PID 4032 wrote to memory of 760	4032	Unicorn-48757.exe	108
PID 4032 wrote to memory of 760	4032	Unicorn-48757.exe	108
PID 4032 wrote to memory of 760	4032	Unicorn-48757.exe	108
PID 536 wrote to memory of 1576	536	Unicorn-51263.exe	109
PID 536 wrote to memory of 1576	536	Unicorn-51263.exe	109
PID 536 wrote to memory of 1576	536	Unicorn-51263.exe	109
PID 4536 wrote to memory of 344	4536	Unicorn-64068.exe	110
PID 4536 wrote to memory of 344	4536	Unicorn-64068.exe	110
PID 4536 wrote to memory of 344	4536	Unicorn-64068.exe	110
PID 3180 wrote to memory of 2268	3180	Unicorn-50192.exe	112
PID 3180 wrote to memory of 2268	3180	Unicorn-50192.exe	112
PID 3180 wrote to memory of 2268	3180	Unicorn-50192.exe	112
PID 3984 wrote to memory of 3820	3984	Unicorn-30480.exe	111
PID 3984 wrote to memory of 3820	3984	Unicorn-30480.exe	111
PID 3984 wrote to memory of 3820	3984	Unicorn-30480.exe	111
PID 392 wrote to memory of 2368	392	Unicorn-56349.exe	113
PID 392 wrote to memory of 2368	392	Unicorn-56349.exe	113
PID 392 wrote to memory of 2368	392	Unicorn-56349.exe	113
PID 452 wrote to memory of 3788	452	Unicorn-41640.exe	114
PID 452 wrote to memory of 3788	452	Unicorn-41640.exe	114
PID 452 wrote to memory of 3788	452	Unicorn-41640.exe	114
PID 1476 wrote to memory of 3160	1476	Unicorn-53396.exe	115
PID 1476 wrote to memory of 3160	1476	Unicorn-53396.exe	115
PID 1476 wrote to memory of 3160	1476	Unicorn-53396.exe	115
PID 4168 wrote to memory of 1804	4168	Unicorn-3906.exe	116

C:\Users\Admin\AppData\Local\Temp\689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe
"C:\Users\Admin\AppData\Local\Temp\689eebad75f2d79c05308be05d542f4c395576d187daf723cafa4295cd299b73N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39120.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39120.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23389.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        8⤵
        Executes dropped EXE
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6316.exe
        10⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57896.exe
        11⤵
        
        PID:19452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
        10⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30911.exe
        10⤵
        
        PID:17580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
        9⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        9⤵
        
        PID:18056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
        9⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        10⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
        10⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        10⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
        9⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45588.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
        9⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8547.exe
        8⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
        8⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        8⤵
        
        PID:18020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
        8⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
        9⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
        10⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        10⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
        9⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45588.exe
        9⤵
        
        PID:15852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2874.exe
        8⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        8⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
        8⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        8⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
        8⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-108.exe
        9⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        8⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44998.exe
        8⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        8⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        8⤵
        
        PID:18720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39686.exe
        7⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        8⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56576.exe
        9⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        10⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8517.exe
        10⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
        9⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51254.exe
        9⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        9⤵
        
        PID:18644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        8⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-877.exe
        8⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22425.exe
        8⤵
        
        PID:18808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5823.exe
        8⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        8⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
        8⤵
        
        PID:17392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
        8⤵
        
        PID:17476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17949.exe
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        8⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        8⤵
        
        PID:17740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        7⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        7⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18810.exe
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54365.exe
        8⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        8⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
        8⤵
        
        PID:17404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
        8⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5525.exe
        8⤵
        
        PID:18500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        7⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        7⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        6⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
        7⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44804.exe
        7⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41264.exe
        8⤵
        
        PID:18820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43377.exe
        7⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        6⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59072.exe
        6⤵
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
        6⤵
        
        PID:18000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9487.exe
        9⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        9⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
        8⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
        8⤵
        
        PID:16308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
        7⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        8⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
        8⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        7⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
        7⤵
        
        PID:17824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        8⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        9⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
        9⤵
        
        PID:18744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43077.exe
        9⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52110.exe
        8⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe
        7⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
        8⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        8⤵
        
        PID:17468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
        7⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46311.exe
        7⤵
        
        PID:15508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6207.exe
        7⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        7⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
        7⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
        7⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38828.exe
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
        6⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46403.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16581.exe
        6⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16181.exe
        9⤵
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45764.exe
        8⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41157.exe
        8⤵
        
        PID:17404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
        7⤵
        
        PID:18612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48324.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21584.exe
        7⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        7⤵
        
        PID:17164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2166.exe
        7⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
        6⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
        6⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        6⤵
        
        PID:18080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
        5⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
        7⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
        7⤵
        
        PID:17708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
        6⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        7⤵
        
        PID:16284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
        6⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        6⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61384.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
        7⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
        7⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        6⤵
        
        PID:11520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4637.exe
        6⤵
        
        PID:16188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        6⤵
        
        PID:18580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24187.exe
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        5⤵
        
        PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1012.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        8⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34744.exe
        9⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36597.exe
        10⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        10⤵
        
        PID:16532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
        9⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        9⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38769.exe
        9⤵
        
        PID:18728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33819.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-167.exe
        9⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        9⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        9⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        8⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
        9⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37158.exe
        9⤵
        
        PID:19380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        8⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62823.exe
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
        8⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48068.exe
        8⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        8⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30600.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:19016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
        8⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe
        9⤵
        
        PID:16584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        9⤵
        
        PID:17860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45287.exe
        8⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
        7⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        7⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29830.exe
        7⤵
        
        PID:18596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8791.exe
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        8⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        9⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        10⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11835.exe
        10⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        9⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
        9⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
        8⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        9⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        8⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
        8⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        8⤵
        
        PID:15420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15420 -s 472
        9⤵
        Program crash
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe
        7⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        7⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
        6⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4375.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
        8⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
        8⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        7⤵
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60800.exe
        7⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
        7⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40533.exe
        6⤵
        
        PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12262.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15808.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
        8⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26966.exe
        9⤵
        
        PID:18112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
        8⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53926.exe
        8⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
        8⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
        7⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        7⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
        7⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53887.exe
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19560.exe
        7⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
        8⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        8⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        7⤵
        
        PID:13784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        6⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
        7⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30421.exe
        7⤵
        
        PID:17720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61996.exe
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49310.exe
        6⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        6⤵
        
        PID:17236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6039.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7890.exe
        7⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        7⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59713.exe
        7⤵
        
        PID:18424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        6⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
        7⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10158.exe
        7⤵
        
        PID:18272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57975.exe
        6⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
        6⤵
        
        PID:17376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        6⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        7⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41363.exe
        7⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34557.exe
        7⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        6⤵
        
        PID:11328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
        6⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        6⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
        6⤵
        
        PID:18552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42429.exe
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        5⤵
        
        PID:18248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17258.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55605.exe
        7⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
        8⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30173.exe
        7⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
        7⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        7⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        7⤵
        
        PID:17884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
        6⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        7⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32441.exe
        7⤵
        
        PID:18368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        6⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36948.exe
        6⤵
        
        PID:17332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45683.exe
        6⤵
        
        PID:16064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
        6⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
        7⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
        6⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        6⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
        6⤵
        
        PID:18132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10158.exe
        6⤵
        
        PID:18696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32006.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
        5⤵
        
        PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16403.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24557.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        7⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25218.exe
        7⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        7⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
        6⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        6⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10158.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        5⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
        5⤵
        
        PID:15964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
      4⤵
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18496.exe
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56669.exe
        6⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
        7⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        6⤵
        
        PID:17800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        5⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15918.exe
        5⤵
        
        PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe
      4⤵
      PID:10988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
      4⤵
      PID:14460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12625.exe
      4⤵
      PID:6372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33005.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9372.exe
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58485.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
        9⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        10⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
        9⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6439.exe
        9⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        9⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        8⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
        8⤵
        
        PID:18096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55999.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
        8⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50136.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63828.exe
        8⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        8⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        8⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        7⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
        7⤵
        
        PID:15812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60991.exe
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60312.exe
        8⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        9⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        9⤵
        
        PID:16404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
        9⤵
        
        PID:18560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
        8⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32314.exe
        8⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        8⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43077.exe
        8⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
        8⤵
        
        PID:18812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
        7⤵
        
        PID:15928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        7⤵
        
        PID:17504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13327.exe
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        7⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
        7⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47380.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
        6⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
        6⤵
        
        PID:17608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29174.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
        8⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12654.exe
        8⤵
        
        PID:18844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        7⤵
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
        7⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        6⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1599.exe
        7⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        7⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57271.exe
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        6⤵
        
        PID:15836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29397.exe
        6⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18810.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20333.exe
        6⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        7⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
        8⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        7⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
        7⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56951.exe
        7⤵
        
        PID:18676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        6⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        7⤵
        
        PID:18376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        6⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        5⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48413.exe
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        6⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        6⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16901.exe
        5⤵
        
        PID:18120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
        7⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
        9⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
        8⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        7⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42267.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62445.exe
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
        7⤵
        
        PID:18068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6253.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26654.exe
        6⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        6⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        8⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30421.exe
        8⤵
        
        PID:17728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
        7⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        7⤵
        
        PID:15476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        6⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        6⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14202.exe
        5⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52632.exe
        7⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        7⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        7⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33144.exe
        6⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21510.exe
        5⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
        6⤵
        
        PID:12444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16003.exe
        6⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        6⤵
        
        PID:17684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        5⤵
        
        PID:12864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
        5⤵
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        7⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        7⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        8⤵
        
        PID:17604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
        7⤵
        
        PID:16060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
        7⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
        6⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
        6⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        5⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        5⤵
        
        PID:18536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        5⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        6⤵
        
        PID:15340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
        6⤵
        
        PID:18672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        5⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        6⤵
        
        PID:18488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
        5⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30681.exe
        5⤵
        
        PID:18868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
      4⤵
      PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        5⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
        6⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        5⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61041.exe
        5⤵
        
        PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24187.exe
      4⤵
      PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50789.exe
      4⤵
      PID:14220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
      4⤵
      PID:4192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3906.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21568.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
        7⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        8⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
        8⤵
        
        PID:18404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
        7⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        7⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
        7⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        7⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
        6⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        7⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56128.exe
        7⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
        6⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        6⤵
        
        PID:17880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62439.exe
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        7⤵
        
        PID:17212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48068.exe
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        6⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59713.exe
        6⤵
        
        PID:18416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47747.exe
        5⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17347.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52323.exe
        6⤵
        
        PID:17240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
        6⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57279.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42595.exe
        5⤵
        
        PID:15572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19085.exe
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35984.exe
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
        6⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2166.exe
        6⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
        5⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
        6⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3401.exe
        6⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        5⤵
        
        PID:11592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        5⤵
        
        PID:16576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
      4⤵
      PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
        5⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        6⤵
        
        PID:16560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        5⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        5⤵
        
        PID:17540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
      4⤵
      PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe
        5⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        5⤵
        
        PID:18348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
      4⤵
      PID:13680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
      4⤵
      PID:1912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
        7⤵
        
        PID:18008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        6⤵
        
        PID:16084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
        6⤵
        
        PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        5⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
        6⤵
        
        PID:12748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        6⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20853.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        5⤵
        
        PID:14612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24625.exe
        5⤵
        
        PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe
      4⤵
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53621.exe
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        6⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
        5⤵
        
        PID:12756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
        5⤵
        
        PID:16676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
      4⤵
      PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        5⤵
        
        PID:15332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42638.exe
        5⤵
        
        PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
      4⤵
      PID:11176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
      4⤵
      PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
      4⤵
      PID:17620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
      4⤵
      PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
        6⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63243.exe
        5⤵
        
        PID:13756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
      4⤵
      PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        5⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
        5⤵
        
        PID:18888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54316.exe
      4⤵
      PID:11308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
      4⤵
      PID:17644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
    3⤵
    PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20648.exe
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        5⤵
        
        PID:408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
      4⤵
      PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
      4⤵
      PID:4900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45477.exe
    3⤵
    PID:7480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
    3⤵
    PID:10292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25558.exe
    3⤵
    PID:14832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
    3⤵
    PID:18916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54172.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        6⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        8⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65128.exe
        9⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        9⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        8⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13019.exe
        9⤵
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        8⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
        7⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
        8⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34923.exe
        8⤵
        
        PID:17080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32914.exe
        8⤵
        
        PID:17152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        8⤵
        
        PID:17716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        7⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe
        7⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        7⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
        6⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        7⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
        6⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17357.exe
        5⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18496.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13327.exe
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        7⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        7⤵
        
        PID:17224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39551.exe
        7⤵
        
        PID:18032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44199.exe
        6⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40980.exe
        6⤵
        
        PID:15936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        6⤵
        
        PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2003.exe
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
        6⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe
        6⤵
        
        PID:17200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        5⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38037.exe
        5⤵
        
        PID:14532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe
        7⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52827.exe
        7⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        6⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
        6⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
        7⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
        7⤵
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2126.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        6⤵
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62263.exe
        5⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56216.exe
        6⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33702.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
        5⤵
        
        PID:14268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45344.exe
        5⤵
        
        PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
        6⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 464
        7⤵
        Program crash
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        6⤵
        
        PID:16092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62593.exe
        6⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        5⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        5⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        5⤵
        
        PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
      4⤵
      PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        5⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
        5⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40228.exe
        5⤵
        
        PID:17120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24187.exe
      4⤵
      PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
      4⤵
      PID:11460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
      4⤵
      PID:17376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
      4⤵
      PID:7040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8879.exe
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
        8⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
        9⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        8⤵
        
        PID:14556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        8⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        7⤵
        
        PID:13452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
        6⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
        7⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        7⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38037.exe
        6⤵
        
        PID:17240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
        8⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        8⤵
        
        PID:15888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15888 -s 472
        9⤵
        Program crash
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
        8⤵
        
        PID:18328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63636.exe
        7⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
        7⤵
        
        PID:15312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        6⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        6⤵
        
        PID:18216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14202.exe
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
        6⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
        6⤵
        
        PID:17652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
        5⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56949.exe
        5⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11116.exe
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        7⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        7⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
        6⤵
        
        PID:17584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7862.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60458.exe
        5⤵
        
        PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
      4⤵
      PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        6⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35601.exe
        7⤵
        
        PID:17812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        6⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54591.exe
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        5⤵
        
        PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe
      4⤵
      PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        5⤵
        
        PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe
      4⤵
      PID:12268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
      4⤵
      PID:14564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32702.exe
      4⤵
      PID:6708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63669.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61853.exe
        6⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe
        7⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
        7⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
        6⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18578.exe
        5⤵
        
        PID:17296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        5⤵
        
        PID:19388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        5⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        5⤵
        
        PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47380.exe
      4⤵
      PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
        5⤵
        
        PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe
      4⤵
      PID:12172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
      4⤵
      PID:16284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
      4⤵
      PID:18628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
      4⤵
      PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57261.exe
        6⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        7⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26109.exe
        7⤵
        
        PID:18204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
        6⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59022.exe
        5⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        5⤵
        
        PID:18472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
      4⤵
      PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54312.exe
        5⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        5⤵
        
        PID:18484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
      4⤵
      PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
      4⤵
      PID:16072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
      4⤵
      PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24365.exe
    3⤵
    PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62237.exe
      4⤵
      PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 712
        6⤵
        Program crash
        
        PID:16672
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 692
        5⤵
        Program crash
        
        PID:12456
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 640
      4⤵
      Program crash
      PID:7176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
      4⤵
      PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        5⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64906.exe
        5⤵
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61607.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
      4⤵
      PID:18088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
    3⤵
    PID:11040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
    3⤵
    PID:14636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59334.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13399.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1780.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
        7⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe
        8⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37606.exe
        8⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
        8⤵
        
        PID:17368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13755.exe
        7⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
        7⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
        7⤵
        
        PID:16376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
        7⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45921.exe
        8⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7030.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        7⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20309.exe
        7⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30087.exe
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25393.exe
        6⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
        6⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        7⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe
        7⤵
        
        PID:17664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        6⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        6⤵
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
        5⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
        6⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47380.exe
        5⤵
        
        PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53430.exe
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        5⤵
        
        PID:17596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
        7⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58550.exe
        7⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
        7⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        6⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        7⤵
        
        PID:15844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37711.exe
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36168.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
        6⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
        7⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe
        7⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
        6⤵
        
        PID:13140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        6⤵
        
        PID:18304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53710.exe
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17798.exe
        5⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe
        5⤵
        
        PID:17672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62237.exe
        5⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        6⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63828.exe
        5⤵
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        5⤵
        
        PID:17404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53612.exe
      4⤵
      PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        5⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
        5⤵
        
        PID:19396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
      4⤵
      PID:10336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
      4⤵
      PID:14944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47747.exe
      4⤵
      PID:18712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        6⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
        7⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
        7⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33597.exe
        7⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
        6⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        7⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        6⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        5⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53070.exe
        6⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
        5⤵
        
        PID:11144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17798.exe
        5⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23309.exe
        5⤵
        
        PID:18768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55340.exe
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12735.exe
        5⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        6⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe
        6⤵
        
        PID:13376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38886.exe
        6⤵
        
        PID:19184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30462.exe
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49798.exe
        5⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
        5⤵
        
        PID:18660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
      4⤵
      PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        5⤵
        
        PID:17948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
      4⤵
      PID:6120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31005.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        5⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
        6⤵
        
        PID:10352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        6⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        5⤵
        
        PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
      4⤵
      PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23839.exe
      4⤵
      PID:13272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
      4⤵
      PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
    3⤵
    PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
      4⤵
      PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56899.exe
      4⤵
      PID:11780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
      4⤵
      PID:14568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
      4⤵
      PID:3500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
    3⤵
    PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
      4⤵
      PID:10756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22339.exe
      4⤵
      PID:15824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
      4⤵
      PID:17676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36795.exe
    3⤵
    PID:11124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
    3⤵
    PID:15456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
    3⤵
    PID:16628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:18640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        6⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20648.exe
        7⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
        7⤵
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        5⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        5⤵
        
        PID:12316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6293.exe
        5⤵
        
        PID:18240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
      4⤵
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62616.exe
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40019.exe
        5⤵
        
        PID:16712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        5⤵
        
        PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38828.exe
      4⤵
      PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
      4⤵
      PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe
      4⤵
      PID:17488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17270.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        5⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
        6⤵
        
        PID:15416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
        6⤵
        
        PID:18564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61991.exe
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13661.exe
        5⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31975.exe
        5⤵
        
        PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
      4⤵
      PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63989.exe
        5⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30315.exe
        5⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe
        5⤵
        
        PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54316.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
      4⤵
      PID:15936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
    3⤵
    PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48885.exe
      4⤵
      PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        5⤵
        
        PID:16412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
      4⤵
      PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        5⤵
        
        PID:17616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
      4⤵
      PID:14708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
      4⤵
      PID:17160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
      4⤵
      PID:18884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
    3⤵
    PID:9708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
    3⤵
    PID:14584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:18752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6300.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        5⤵
        
        PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
        5⤵
        
        PID:10528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        5⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        5⤵
        
        PID:17776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
        5⤵
        
        PID:17344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
        5⤵
        
        PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe
      4⤵
      PID:10980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
      4⤵
      PID:15752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6482.exe
      4⤵
      PID:15808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
    3⤵
    PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49767.exe
      4⤵
      PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        5⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23491.exe
        5⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31293.exe
        5⤵
        
        PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
      4⤵
      PID:11512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe
      4⤵
      PID:16212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
    3⤵
    PID:9168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8074.exe
    3⤵
    PID:10652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
    3⤵
    PID:17296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64541.exe
    3⤵
    PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
      4⤵
      PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
      4⤵
      PID:12724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
      4⤵
      PID:15308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33731.exe
    3⤵
    PID:8148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
      4⤵
      PID:11200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
      4⤵
      PID:16428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
    3⤵
    PID:10676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
    3⤵
    PID:15328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44806.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:17220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:17660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
  2⤵
  PID:5860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
    3⤵
    PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
      4⤵
      PID:18340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56899.exe
    3⤵
    PID:11788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe
    3⤵
    PID:17348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
    3⤵
    PID:17632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31450.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31450.exe
  2⤵
  PID:7924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
    3⤵
    PID:8860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
    3⤵
    PID:13724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
    3⤵
    PID:7008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
  2⤵
  PID:7204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-108.exe
    3⤵
    PID:12720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
    3⤵
    PID:18516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
  2⤵
  PID:14652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
  2⤵
  PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5988 -ip 5988
1⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5328 -ip 5328
1⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 6020 -ip 6020
1⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 6776 -ip 6776
1⤵
PID:17244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 15888 -ip 15888
1⤵
PID:16620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 15420 -ip 15420
1⤵
PID:16568

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe

Filesize
468KB

MD5
bf3d39c28d3733f7edd5673704b1180a

SHA1
79fb10fab0f28f48532dd02e446c3b5a200f51ac

SHA256
40f3b41a918cf600dec0e333ba077fe7443157f69b2213c856c253f5e574dc99

SHA512
154d7b8ea282d2aaa61bd4c42d2124586f18ceee92644ed5d7b624d5d5240796898ce322fefb3c6a50e1a43151632d8fca8adf131a0de1b5a4ec095111280795

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12262.exe

Filesize
468KB

MD5
293310c53e4c2f347e573ac2bf789252

SHA1
9c54b64e73f05a7a5aa374593d9c6aaa85915ba5

SHA256
5dc3e126407b7df4ae08294c6c8b45c39d68eabb1abb8109f15c85c0cfa51c38

SHA512
2be0f1f2411911b7b7217ea48fb6ade40d928ceb77320bb2d6e55310043c95cf7523a58e2920c3f639045b3d1dfbe0c7e9c1acb9c8b818adff58031c1beeacf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe

Filesize
468KB

MD5
cc486e8e3ead9cd3e7007108e19f5d39

SHA1
e4d256106c3ea7c975602661393122dfed6c03ad

SHA256
6bb306d89613f7d4f7e40a1b1a930cf46b5c9c59dd02eb5b34a552c19e0b6bbb

SHA512
df458bfa75fd0478f43b70c4f0da8b4b7c085d0f13bca2457740efab73dadd75e2c4579a50d8bce83a46f02a923ff80297febf172e71a46e0942f5739197b3af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17258.exe

Filesize
468KB

MD5
438af00083641a2bcacc7dd259d7f5c3

SHA1
0fdaea4d30a703fa24604884bf8ef900a09c0af8

SHA256
433e5825c06542c963521374cbcbb220ff44fe7852ad5c2db43bb051111477a0

SHA512
c5008c3682a1035ce779f064a84aec1f3323d96ef5d9f392cf4af6eda50f032f5eb9ab2fdd979503462837fa652e6b00cbc76affcd80b9f00ada9922055b20fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe

Filesize
468KB

MD5
2678314926f32d024b1485a6ad1d8c45

SHA1
e9660ce3d6e19d6d98e8bdd99e8b818137819633

SHA256
3e9dc7e187961d1aa4df55094cdfc624652ea57048cbc5c374a47b959a210254

SHA512
8aef8df5c206bb92e53b325ca88ffd2d5589a5066abb894cedef3dd3d808bf266ee4f58401180b3cbe67a6194d81924593294ba8c9fe4c61b94624418e358776

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe

Filesize
468KB

MD5
e67b74ee40f18ee03ff89d89b384e4ad

SHA1
d735732e1f4fa8c916ac81d39d6cc4d0287bffcf

SHA256
ef334c6ebf945aa2af7130a807af2e2499da3e253fa2b06d8667ce5259e81469

SHA512
0a2010624a6c2190004dc078761734a26b98f23bb6e1975b8d3768e69f509b54b000b2f6ba7ff7545ebf09d24d15823abc2343c725fff1bc74b5f8cfb35e4fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe

Filesize
468KB

MD5
1292f2dbcf41bd0998641485bce64ee9

SHA1
17ea02a31da3cfc354b242213e47b67218ccece4

SHA256
3899ad24424959a7d29a2874665a53be457e518a2b803c66eae44f15ba67f936

SHA512
ac6f87c49d78b505fc456c8a94fddbd4fe4a158d24982e23773744398d1561b348ecfef1c2a8d72710bd8cbe20a0a6d3ecdc83e893cb6e54a30181ab34d4ab86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe

Filesize
468KB

MD5
42809113a3fe6d3a157e1400286f3270

SHA1
9209a5fd896328e8a39b0a0e626aee48f8719d87

SHA256
eb71fcb3ce811028fdd5359b7f4ce647b4470ffec20868697d09339e491e9c2e

SHA512
0ae40b2373b4b6577f5645dee1b75a01a3a1f3af36bbe49bca44a3bdb28b9043e796ed2ef9beb1a9a59f12c6bba447d37a4cddeab932773e3de7b65cdeff80db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe

Filesize
468KB

MD5
d68f216e4ddffbe2d767f1e364865d5b

SHA1
5f48a31f9afce3077d042cac2c89fb69f742892b

SHA256
e99ffd215a71c75779757d16b4112ba0a8aa05849bb9925c24e697fdba719f1e

SHA512
a170eeb89cd9987b818da17c0f49f318b635dc9e167196d6f3f99fde39aa0addbdec12b64c8dddb7e9f5ffa187596309cada64eb65286f60debf77485936904f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe

Filesize
468KB

MD5
a181c13fabc2f057cf49d4f2bb5a142a

SHA1
ccc9adc97a478b75d2502975406c631629d6d84b

SHA256
7c04edfba7038bb7a090a4aa95dd7ae5a8969d555c0efa17c6ae669f873f9a2c

SHA512
e159c2d10ebfe39f8db3c06daa9503ba4606ad6749e08f184cecbdf9e9f715e70a82a8deb5e0beabff5c6124ebab12bc1056ee1b9b1ba16110417cc4edbd9000

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe

Filesize
468KB

MD5
0e69d8fd67885e8d9d2f19104d0855ae

SHA1
8998dd97588ae4437a073662d4aad1fbf60f70b8

SHA256
2c99c99ab607626de82382f54fd9a30163f06f371c5e91feed6119581140ccd6

SHA512
505ca522e0be8e97a1594c3610a8ff2d1acd9d982a9da92f38ba68f281df826873859cbd309696b537eb704d3b7dd677f1a18c2c0e05951302199047b1bf5dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23389.exe

Filesize
468KB

MD5
f3548cdcd0b04b7577b7c5648e5d4b47

SHA1
a2207bbfd60c7a43445a2ea3eb5ce8e40d5e23b1

SHA256
c65e81b47f39c8ed44ab656aaa183184fbb0cfb9078b62958a9a9177bc1d30b2

SHA512
57f8b80beb137f5cfedb70f2be4dff0c03613fa92b732a5ce2cad06fc00778e0a0740e86184667755effb3adee1b2c03567f86863bec87eb9628e23a3a2b9dce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe

Filesize
468KB

MD5
69216d38b2f27588ed5b09272cb70aff

SHA1
1087b894e6f8e5b018ace0286925b136629dac8c

SHA256
b3ca1024529bad831060526a7ce75c7c36123f611ac50739bf6adbcb591596d6

SHA512
b7a397e39c96545a8f85604b9c00f4e294528ea8aac29f8942c4fc6d23a0e12f0fcd5f368f68cdd93a86eaabe770c52ebfbd3f5e8ed6052127a2b7e5910bca98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe

Filesize
468KB

MD5
ab8cabdf859ff62e15bd44a6173334d8

SHA1
a5f3d8c33503dbfcf19bbf5836eea4d8cacd8cb7

SHA256
f7fec1672ee6bf08f42ac1ed467ce2f6d2cbcef7658a94ea7b76a4a783120651

SHA512
f7cdf70db5f0f779267c003acb705022e9148de6d4cccf6f0ec2513a4775b71374c69805159530bf7aad318261aa6ad0f08b46f081f506f5dbdcd08e144add88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe

Filesize
468KB

MD5
ef46a50eb892ff55dfc149c4dceb4ed5

SHA1
a834a7b7cbe0bdc241c6c107ed821d14a90b00db

SHA256
47b5ae46c17b46a09aa049acb6d923c2bf7ed22b46cf99513ef25f9891d431b3

SHA512
45fb15d13f8edfb61507b1d799f440d63a156d633f55ccc2fcd371b1827a31dac590edc7633fa92f4fe157afdce76ea8595c4f3f3f9ca78d418cb6dc787df149

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe

Filesize
468KB

MD5
b98fc1bf9c8a06949a7defaadc547980

SHA1
5e37e2bf1ec7c8f9abc352644af53ca28a6b8b6f

SHA256
41c2322c271e3296a56d3523b8cf0a66ae9a710443fa8a72968cc2b91edce33f

SHA512
838b57f7f7ff73c0372ba0f7528bf1473cec50d701365367cc221cfdae9c83e497738d6fba386e62e46f5ed20f261293503fbd59807ac5a46e2956946055f297

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe

Filesize
468KB

MD5
1770290964cccbaf3e56ca023fb67d39

SHA1
31f126ac4228d06678f4ddfe23a0d7ad78ac1e11

SHA256
e4303f0c81774c71b46cedf05e5400be298fd42bfd013f75bbf4a41f597599ae

SHA512
3a3f6f0ea4790f86d73111136689792777eb977e205230686a693525ffdf3b59383ed3508825ebd05420f559270041efd857e55f7c02c70c26671f2ba329d290

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe

Filesize
468KB

MD5
c186281ce85b3401b78107c2779c28cf

SHA1
bf623d6a0c6c805a5845d36f8354d01dd997001b

SHA256
88c01452e574f196b492930db9d00982710a5ba982ad4b4e0b9962b4120eac93

SHA512
603f5a6c5738a723ca0b84ed8fb7a65d1b3db2e2d635a409d21ffed0b4d3754d327125797a8822805095b48bf71734408fb6c4c202d03451616c22e659ac7266

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe

Filesize
468KB

MD5
61a6615fe91d75e8564888c2699c6bea

SHA1
32c7643e847ec30b46b065ede5fec7571a115ced

SHA256
ba5f1ea923e00cc14ef1c7d5078c8cdb1ef92b4da177473e9a9c20299a64e4e7

SHA512
8f53347d011b05808b81833e2620f3ba55b85c7f2185cf43cbd66febd53ae9fb85e269048c8ebd563d2cb2eb2a2d48c8b5dcaaa4a738fc11f147fac27f782062

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe

Filesize
468KB

MD5
0dc04cea4f3dcbc31927ce1c43ff1522

SHA1
c2beb391540f1eb6de68d0963da2440e977f8f85

SHA256
cc7d86a9ad733683a32073923e6deb1717d8533ff2c7e24700d8f205be34976e

SHA512
685d22fba9cc45fc418f7fd40faf73e9f7edf3eea76a88e93a1a198a779ac948cb41b4340abf7a9965d67533d3595191b4f77f45df95f7c77b473de3550fa616

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe

Filesize
468KB

MD5
2f1657d035bca2c1ecefae39c7557f25

SHA1
e9a9eec1447c2f7c7aead909c6ccec22c2ec4413

SHA256
2e1f0c79be5fee48b6d12255a6920a1b89478f77dddc082d12c2fc3d6d296016

SHA512
b05a02b3bef83e9e7184be669fa026a53a44e987116aa273458625881c723affbd4cf2c3835f708651f2fd2f39dea73e7aa692968471d4a4987df96b1d41f2a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3906.exe

Filesize
468KB

MD5
df0d68874c4a797f32aada707652ab1d

SHA1
7e79d68f92176deaae628ce729f2056c76102f93

SHA256
cb0a3004292688df0ddf4919b56b062624e18709ba1b3efba0131f590fa498ce

SHA512
c460e685881e2a7ee2625435d9bccdbb07c850f1ae8ea0ef8f87b4fc49329e8557f24e6f4460829d326de217b5a05640377a0aaafc5fbfb29c37abae93190a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39120.exe

Filesize
468KB

MD5
c94b8dd0e277c8917c1688431bfbe72c

SHA1
4d06e79aff3d30ca9135030452a2c0d14f2801d5

SHA256
eeb4f5e112020d7ea797e00d64af4c5f136a85a63907e502f9cb4f7d3d1c7c68

SHA512
276eef267a01343ea2b93be9969b52c9b857fe0f44d4736fcdd60dfcdb294c289c44a280ce4a44428aab757639aea47a8c553344551102cccf14aca393ba9646

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe

Filesize
468KB

MD5
ba6248e7b79f77fe4ba4a9c3a4bcd895

SHA1
7b6a2495452a897b0c2926f80d62d3381046f02f

SHA256
8087e3b93239181003a235da707e98f4c82d80231b132fa154f89b8c98af6dcf

SHA512
f00b6a38e6027b1a0c7e2409bb00d905f3e06459310514b5f46a175c90a026946e0537cb5c3b635fbd1c0d1a2e592ec66256dc114c08ddbdd95cae9ca48a43c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe

Filesize
468KB

MD5
bcb389d2b434ac41c2c982200c96da82

SHA1
f83c7bfcdcd0fc374d96c1ec9eba3a8982fba49e

SHA256
5fb519b0e0a401bd59afca6d8583168e54a74f6192b068953abc7b88b133a6e6

SHA512
a9bd563cbb4b6db602c05bdc479f7d83f8930df4d17aff8648c0a9bc276ac8f6b98fbe990ef32e66eb84a38c59df76627faed08c0517d2400edb53da46edf8a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe

Filesize
468KB

MD5
18701a6b3d3ed3435677c49c2d6d7d0d

SHA1
f4a6a364ceab5866f3fa61ba8f71d00dfe95b7d0

SHA256
86dfc7cf7b4e0f4fadb3f636815ebb60b4eea506b36c2c7175afa484cb5dbf98

SHA512
53ae5a08a250910bd3a508dfe1c2121d9c124c2796c4deff5f314a70f247d91ae821ebd810cea858549ab4ef524ad06e02ac6d923c33a99deaa14433d2a286e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe

Filesize
468KB

MD5
1c9686289fed2128d1ee6cd750aa8501

SHA1
b6308afadf12df7431baffe8ea50fa6c89f4cfc1

SHA256
5852316933b62b52c4077db5bcb743968571181ceacb2473607e61fbeb0281f7

SHA512
03a3b8ca2e48820b5ec8e4b02314a1a97e3cddf53137acd6957296c5c72943737bb4445ba518d40c6f74a09a11c20f97c9da2099c830ecaf7a94131c457c4838

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe

Filesize
468KB

MD5
0bd1ecd8108920b3628e898e9c69e997

SHA1
3f37687a3ecd784cfcb0a2996ba3f0313d48f381

SHA256
9dda762f74bf0cf743d92e8ee6362c22a9cf1b10292e909ee74f9d9becad62cf

SHA512
76658481390388b9b536f3d62eac3cdb72b5c0f04e39190faf71c667e98c305090b82033fae56369f05f7a297d3647182e7cd3b2018f02d08a735af56d4eabaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe

Filesize
468KB

MD5
6dbb6b9ada37982bd8b2c39c315cb1de

SHA1
68417425651847adb3946fc9aec25fa741d3b02d

SHA256
6d43cc5e2860144778951c07e918db64102bd1fe805df84f7b4f9433b3dfe6e1

SHA512
ef71c2f6af105d59a4b72f758f17c11ae9378e2e2d00a34f1699b23e8de7ce4b64f63364f5bf41afa716161cad7ec473f18062d803e6b2acebc9fcb2bd715ede

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55184.exe

Filesize
468KB

MD5
70ceec1ae74749be1a2841ace9e29be8

SHA1
aa3bdb2c41da46fe158e2abbd269a865c44a28fc

SHA256
114f3deeeadd41da2b13e588fa84f5ff70bba98957c1fc2c64653b820f30bad0

SHA512
6bbc4e554967fa8e6d00d7187d539c2dd2d7207ec230eecf33aff3045f8c3aed7eb35ef3a57518ae30fdcdf9b03ef0aa00443ba66b9a46515571dfe25157c103

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe

Filesize
468KB

MD5
6f4d811c6e44c447d671692d908d8545

SHA1
f4ee06e2d3765a07a39381627cb191f1d36c88d1

SHA256
338b3f33aa75bc347c0db856f584144376e234b41ff1e2c57910977daf7a8453

SHA512
a9db09de73ae9dedc95bc5be9974ae6fefb2dbf64146dcc071ce7d7d14df5eb431d3b39f9f720198d97e67581d26563dfe3730e448512fc6da01fc8a8d184cf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe

Filesize
468KB

MD5
cbc4463a3b791df1f6233492655ffdfe

SHA1
166ab69e70974b62db7e2555cd547ae371cd6375

SHA256
bdfedf6dbee40b26a16bbf1e702e72c69eacb0e6df85be4c710f8354f48fafdb

SHA512
2fea4d3f91d8066abcf02ac380b65ce575da05eb70bd7f7a3efd42ab7d7507472e8ea01f548a616e4ce14616fdead7dad76f0c4135748176815803f2bce64d0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe

Filesize
468KB

MD5
7b49585fee9aaab5de10249c4ec9ddaf

SHA1
a239cf52965078bcb9d4c581e63048efc37d0b81

SHA256
63581dcb7d206fadd5f54a75c2094a29447b1fc756240369d164fba319ddc275

SHA512
45fea9c989e37718403943be4df5edfb50c6d7a98e7abf0ba470fc442620d272a08633e9c0ea4b933993bd655c2caa3c00cb0e97d48fc5408d032bdc3a09d436

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads