12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82

Analysis

max time kernel
120s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe
Size

468KB
MD5

d8af28932a95c86d212d0704269f85b0
SHA1

adb615cbba02701b6f454afb7e365cdca65ce257
SHA256

12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82
SHA512

4b052b63107cc465e690eea8e45be2d05d6ae79127857f27c15ada8fc4fbb81ef6628ee18a40981f1d78952231ed31bb5f5e9d20614e3f47a6716ee6b2b4dfd6
SSDEEP

3072:bbAhZ51V08U1bYTPzElSf8FENDA+SO3udH0ZVHRCsPBuGINGPl4:bb2T5U1EPglSfBVblCsZtING

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2416	Unicorn-20523.exe
1680	Unicorn-23704.exe
2208	Unicorn-7922.exe
3568	Unicorn-24747.exe
1640	Unicorn-2297.exe
4216	Unicorn-16032.exe
948	Unicorn-8218.exe
3728	Unicorn-53932.exe
1780	Unicorn-62655.exe
2940	Unicorn-15915.exe
2488	Unicorn-9784.exe
1904	Unicorn-28971.exe
548	Unicorn-59443.exe
3748	Unicorn-13349.exe
4232	Unicorn-63890.exe
3628	Unicorn-19096.exe
644	Unicorn-44155.exe
3088	Unicorn-57196.exe
4812	Unicorn-59946.exe
1980	Unicorn-20248.exe
3060	Unicorn-15401.exe
3080	Unicorn-3397.exe
2848	Unicorn-32500.exe
4740	Unicorn-25300.exe
4960	Unicorn-42072.exe
2792	Unicorn-42072.exe
1848	Unicorn-26290.exe
3712	Unicorn-45891.exe
3004	Unicorn-43041.exe
4804	Unicorn-48979.exe
1356	Unicorn-62855.exe
868	Unicorn-34488.exe
3436	Unicorn-40619.exe
2672	Unicorn-30265.exe
3764	Unicorn-18336.exe
4828	Unicorn-54578.exe
4480	Unicorn-8906.exe
4464	Unicorn-41886.exe
2752	Unicorn-47007.exe
1496	Unicorn-11127.exe
3180	Unicorn-18334.exe
3288	Unicorn-16180.exe
1036	Unicorn-19296.exe
2120	Unicorn-2445.exe
2088	Unicorn-47619.exe
4304	Unicorn-23934.exe
4616	Unicorn-23380.exe
1260	Unicorn-43800.exe
3120	Unicorn-40183.exe
5020	Unicorn-56519.exe
3156	Unicorn-24724.exe
400	Unicorn-53312.exe
4336	Unicorn-53312.exe
4184	Unicorn-7433.exe
3124	Unicorn-57396.exe
4724	Unicorn-62035.exe
3048	Unicorn-10233.exe
3920	Unicorn-32377.exe
5052	Unicorn-55870.exe
4840	Unicorn-56135.exe
2240	Unicorn-390.exe
4484	Unicorn-23006.exe
3592	Unicorn-17140.exe
376	Unicorn-33529.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3392	1356	WerFault.exe	119
12556	7344	WerFault.exe	304

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52813.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2948	dwm.exe
Token: SeChangeNotifyPrivilege	2948	dwm.exe
Token: 33	2948	dwm.exe
Token: SeIncBasePriorityPrivilege	2948	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe
2416	Unicorn-20523.exe
2208	Unicorn-7922.exe
1680	Unicorn-23704.exe
3568	Unicorn-24747.exe
1640	Unicorn-2297.exe
4216	Unicorn-16032.exe
948	Unicorn-8218.exe
3728	Unicorn-53932.exe
1780	Unicorn-62655.exe
1904	Unicorn-28971.exe
2488	Unicorn-9784.exe
2940	Unicorn-15915.exe
3748	Unicorn-13349.exe
548	Unicorn-59443.exe
3628	Unicorn-19096.exe
644	Unicorn-44155.exe
3088	Unicorn-57196.exe
4812	Unicorn-59946.exe
1980	Unicorn-20248.exe
3060	Unicorn-15401.exe
3080	Unicorn-3397.exe
2848	Unicorn-32500.exe
4740	Unicorn-25300.exe
4960	Unicorn-42072.exe
2792	Unicorn-42072.exe
1848	Unicorn-26290.exe
3712	Unicorn-45891.exe
3004	Unicorn-43041.exe
4804	Unicorn-48979.exe
1356	Unicorn-62855.exe
3436	Unicorn-40619.exe
868	Unicorn-34488.exe
3764	Unicorn-18336.exe
2672	Unicorn-30265.exe
4464	Unicorn-41886.exe
4828	Unicorn-54578.exe
4480	Unicorn-8906.exe
1496	Unicorn-11127.exe
1260	Unicorn-43800.exe
2088	Unicorn-47619.exe
1036	Unicorn-19296.exe
3288	Unicorn-16180.exe
2120	Unicorn-2445.exe
4304	Unicorn-23934.exe
2752	Unicorn-47007.exe
4616	Unicorn-23380.exe
3180	Unicorn-18334.exe
3120	Unicorn-40183.exe
5020	Unicorn-56519.exe
3156	Unicorn-24724.exe
400	Unicorn-53312.exe
4336	Unicorn-53312.exe
4184	Unicorn-7433.exe
3124	Unicorn-57396.exe
3048	Unicorn-10233.exe
4724	Unicorn-62035.exe
3920	Unicorn-32377.exe
376	Unicorn-33529.exe
5052	Unicorn-55870.exe
1632	Unicorn-17516.exe
4840	Unicorn-56135.exe
4484	Unicorn-23006.exe
3592	Unicorn-17140.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2416	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	82
PID 2012 wrote to memory of 2416	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	82
PID 2012 wrote to memory of 2416	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	82
PID 2416 wrote to memory of 1680	2416	Unicorn-20523.exe	85
PID 2416 wrote to memory of 1680	2416	Unicorn-20523.exe	85
PID 2416 wrote to memory of 1680	2416	Unicorn-20523.exe	85
PID 2012 wrote to memory of 2208	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	86
PID 2012 wrote to memory of 2208	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	86
PID 2012 wrote to memory of 2208	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	86
PID 2208 wrote to memory of 3568	2208	Unicorn-7922.exe	89
PID 2208 wrote to memory of 3568	2208	Unicorn-7922.exe	89
PID 2208 wrote to memory of 3568	2208	Unicorn-7922.exe	89
PID 2416 wrote to memory of 1640	2416	Unicorn-20523.exe	90
PID 2416 wrote to memory of 1640	2416	Unicorn-20523.exe	90
PID 2416 wrote to memory of 1640	2416	Unicorn-20523.exe	90
PID 2012 wrote to memory of 4216	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	91
PID 2012 wrote to memory of 4216	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	91
PID 2012 wrote to memory of 4216	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	91
PID 1680 wrote to memory of 948	1680	Unicorn-23704.exe	93
PID 1680 wrote to memory of 948	1680	Unicorn-23704.exe	93
PID 1680 wrote to memory of 948	1680	Unicorn-23704.exe	93
PID 3568 wrote to memory of 3728	3568	Unicorn-24747.exe	96
PID 3568 wrote to memory of 3728	3568	Unicorn-24747.exe	96
PID 3568 wrote to memory of 3728	3568	Unicorn-24747.exe	96
PID 2208 wrote to memory of 1780	2208	Unicorn-7922.exe	97
PID 2208 wrote to memory of 1780	2208	Unicorn-7922.exe	97
PID 2208 wrote to memory of 1780	2208	Unicorn-7922.exe	97
PID 1640 wrote to memory of 2940	1640	Unicorn-2297.exe	99
PID 1640 wrote to memory of 2940	1640	Unicorn-2297.exe	99
PID 1640 wrote to memory of 2940	1640	Unicorn-2297.exe	99
PID 2416 wrote to memory of 2488	2416	Unicorn-20523.exe	98
PID 2416 wrote to memory of 2488	2416	Unicorn-20523.exe	98
PID 2416 wrote to memory of 2488	2416	Unicorn-20523.exe	98
PID 2012 wrote to memory of 1904	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	100
PID 2012 wrote to memory of 1904	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	100
PID 2012 wrote to memory of 1904	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	100
PID 948 wrote to memory of 548	948	Unicorn-8218.exe	101
PID 948 wrote to memory of 548	948	Unicorn-8218.exe	101
PID 948 wrote to memory of 548	948	Unicorn-8218.exe	101
PID 1680 wrote to memory of 3748	1680	Unicorn-23704.exe	102
PID 1680 wrote to memory of 3748	1680	Unicorn-23704.exe	102
PID 1680 wrote to memory of 3748	1680	Unicorn-23704.exe	102
PID 4216 wrote to memory of 4232	4216	Unicorn-16032.exe	103
PID 4216 wrote to memory of 4232	4216	Unicorn-16032.exe	103
PID 4216 wrote to memory of 4232	4216	Unicorn-16032.exe	103
PID 3728 wrote to memory of 3628	3728	Unicorn-53932.exe	104
PID 3728 wrote to memory of 3628	3728	Unicorn-53932.exe	104
PID 3728 wrote to memory of 3628	3728	Unicorn-53932.exe	104
PID 3568 wrote to memory of 644	3568	Unicorn-24747.exe	105
PID 3568 wrote to memory of 644	3568	Unicorn-24747.exe	105
PID 3568 wrote to memory of 644	3568	Unicorn-24747.exe	105
PID 2488 wrote to memory of 3088	2488	Unicorn-9784.exe	106
PID 2488 wrote to memory of 3088	2488	Unicorn-9784.exe	106
PID 2488 wrote to memory of 3088	2488	Unicorn-9784.exe	106
PID 2416 wrote to memory of 4812	2416	Unicorn-20523.exe	107
PID 2416 wrote to memory of 4812	2416	Unicorn-20523.exe	107
PID 2416 wrote to memory of 4812	2416	Unicorn-20523.exe	107
PID 1904 wrote to memory of 1980	1904	Unicorn-28971.exe	108
PID 1904 wrote to memory of 1980	1904	Unicorn-28971.exe	108
PID 1904 wrote to memory of 1980	1904	Unicorn-28971.exe	108
PID 2012 wrote to memory of 3060	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	109
PID 2012 wrote to memory of 3060	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	109
PID 2012 wrote to memory of 3060	2012	12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe	109
PID 1640 wrote to memory of 3080	1640	Unicorn-2297.exe	111

C:\Users\Admin\AppData\Local\Temp\12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe
"C:\Users\Admin\AppData\Local\Temp\12dd546d9a6852228f8bd04f805872694d24a454bcc4e3f3eb537ea064e56a82N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42072.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47936.exe
        9⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
        10⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        10⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        10⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        9⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
        9⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        8⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62508.exe
        9⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        9⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        8⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59083.exe
        8⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
        8⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
        8⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33972.exe
        9⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        8⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51491.exe
        8⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64495.exe
        7⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2783.exe
        8⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        8⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
        7⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        7⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9726.exe
        8⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        9⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        9⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        8⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        8⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
        7⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54060.exe
        8⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        8⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        7⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        7⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
        6⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        6⤵
        
        PID:11920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        6⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe
        6⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26290.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24724.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
        7⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        8⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51232.exe
        9⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40717.exe
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49357.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        7⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        7⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        8⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        8⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        8⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
        7⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        7⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        7⤵
        
        PID:15312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        6⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40640.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        8⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        8⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
        7⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54060.exe
        7⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10125.exe
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        7⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        6⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        6⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe
        7⤵
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7121.exe
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
        6⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22965.exe
        5⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        6⤵
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65434.exe
        5⤵
        
        PID:10816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        5⤵
        
        PID:16124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        8⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18835.exe
        9⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        9⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        9⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        8⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
        8⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
        8⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
        8⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        8⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        7⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
        7⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47967.exe
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        8⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        8⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32065.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
        7⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
        7⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21580.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        7⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        6⤵
        
        PID:15132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        6⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        7⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 632
        8⤵
        Program crash
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5600.exe
        7⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        7⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52570.exe
        6⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        7⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        6⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3788.exe
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        6⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        6⤵
        
        PID:10320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
        6⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
        6⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        5⤵
        
        PID:15652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53312.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6602.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        8⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        8⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33226.exe
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        7⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44365.exe
        7⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
        7⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        6⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        6⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33876.exe
        5⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        5⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23981.exe
        5⤵
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
        5⤵
        
        PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5471.exe
        6⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        7⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3487.exe
        7⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48205.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10162.exe
        5⤵
        
        PID:15072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57582.exe
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        5⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55591.exe
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        6⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7763.exe
        6⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        5⤵
        
        PID:10812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
        5⤵
        
        PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
      4⤵
      PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
      4⤵
      PID:11656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8125.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
      4⤵
      PID:2504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30265.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26285.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54475.exe
        8⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        8⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        8⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51003.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        7⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11151.exe
        7⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
        6⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23981.exe
        6⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17140.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4983.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        7⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        7⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        7⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        6⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        7⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
        7⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7325.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        6⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
        7⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18813.exe
        6⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
        6⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36260.exe
        5⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
        5⤵
        
        PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        5⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        5⤵
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        8⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51647.exe
        9⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        8⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
        8⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        7⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1258.exe
        7⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
        8⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        7⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        7⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        7⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        6⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        6⤵
        
        PID:12404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40958.exe
        6⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe
        5⤵
        
        PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4608.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59275.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
        7⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        7⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16217.exe
        6⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62711.exe
        6⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        6⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
        5⤵
        
        PID:10788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        5⤵
        
        PID:15332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        5⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        7⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        6⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        6⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        6⤵
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
        6⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        5⤵
        
        PID:13824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32954.exe
        6⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        5⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62078.exe
      4⤵
      PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
      4⤵
      PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17206.exe
      4⤵
      PID:13492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
      4⤵
      PID:4976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57196.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63935.exe
        9⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
        9⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        9⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39534.exe
        8⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        8⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
        8⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53581.exe
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
        7⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29992.exe
        7⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        7⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        7⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        6⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        6⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8875.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64184.exe
        7⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
        7⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
        7⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        7⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        6⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36053.exe
        6⤵
        
        PID:13192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        6⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        6⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54755.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        6⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        6⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11506.exe
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        5⤵
        
        PID:13052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12985.exe
        5⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
        5⤵
        
        PID:10556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45035.exe
        5⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        7⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        7⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5600.exe
        7⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
        7⤵
        
        PID:15432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        6⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        6⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        6⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        7⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        7⤵
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53825.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        6⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30425.exe
        5⤵
        
        PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
        5⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        5⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5495.exe
        5⤵
        
        PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19169.exe
      4⤵
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
        6⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33286.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
        6⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
        5⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
      4⤵
      PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
        5⤵
        
        PID:7720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
      4⤵
      PID:10428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
      4⤵
      PID:14996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60915.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
        8⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44121.exe
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37314.exe
        7⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56571.exe
        6⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9706.exe
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
        7⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23410.exe
        7⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
        6⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        6⤵
        
        PID:14992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        6⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        6⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32641.exe
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
        5⤵
        
        PID:13012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5434.exe
      4⤵
      PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
        6⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
        7⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        6⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        6⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        5⤵
        
        PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        5⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3182.exe
        5⤵
        
        PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
      4⤵
      PID:8544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
      4⤵
      PID:12656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12850.exe
      4⤵
      PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
      4⤵
      PID:5544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24615.exe
      4⤵
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
        6⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22029.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        6⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
        6⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52570.exe
        5⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        6⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40190.exe
        5⤵
        
        PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
      4⤵
      PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
        5⤵
        
        PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        5⤵
        
        PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        5⤵
        
        PID:12760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48345.exe
      4⤵
      PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33323.exe
      4⤵
      PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
      4⤵
      PID:4584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65371.exe
    3⤵
    PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        5⤵
        
        PID:15264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32065.exe
      4⤵
      PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
      4⤵
      PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
      4⤵
      PID:9140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
    3⤵
    PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe
      4⤵
      PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
      4⤵
      PID:9864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
      4⤵
      PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
      4⤵
      PID:1016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
    3⤵
    PID:8548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
    3⤵
    PID:11840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
    3⤵
    PID:15868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48979.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53312.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
        9⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
        10⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        10⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
        9⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10348.exe
        9⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22258.exe
        9⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
        8⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
        8⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        8⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30125.exe
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        8⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11028.exe
        8⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39061.exe
        7⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        8⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55222.exe
        7⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10148.exe
        7⤵
        
        PID:15012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
        6⤵
        Executes dropped EXE
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51911.exe
        8⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        9⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        9⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
        8⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        8⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        8⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58630.exe
        7⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
        7⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10148.exe
        7⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        7⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        7⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        7⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        7⤵
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        6⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        6⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23940.exe
        6⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 488
        6⤵
        Program crash
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19937.exe
        5⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        7⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
        7⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10148.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51559.exe
        6⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57458.exe
        5⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        5⤵
        
        PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26285.exe
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17894.exe
        7⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        8⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe
        7⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
        7⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
        7⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        7⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        6⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        5⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
        8⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1708.exe
        7⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29130.exe
        6⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
        6⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8242.exe
        6⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59815.exe
        7⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        7⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3909.exe
        6⤵
        
        PID:11536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        6⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
        5⤵
        
        PID:11372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
        5⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34488.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26285.exe
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43660.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
        7⤵
        
        PID:16016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        6⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40390.exe
        6⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
        6⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34873.exe
        6⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
        5⤵
        
        PID:14564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23006.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
        6⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
        6⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        5⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30696.exe
        6⤵
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
        5⤵
        
        PID:11844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        5⤵
        
        PID:15844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        5⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        5⤵
        
        PID:16232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65433.exe
        5⤵
        
        PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
      4⤵
      PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
      4⤵
      PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32500.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19296.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
        6⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41905.exe
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31537.exe
        8⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
        7⤵
        
        PID:14332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
        6⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        6⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        7⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10348.exe
        6⤵
        
        PID:12588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
        6⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
        5⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        5⤵
        
        PID:9452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23981.exe
        5⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
        5⤵
        
        PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
        5⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15263.exe
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33972.exe
        8⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        8⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        7⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        7⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        7⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9913.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
        6⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
        5⤵
        
        PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19060.exe
      4⤵
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64319.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5741.exe
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        6⤵
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30568.exe
        5⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13891.exe
        5⤵
        
        PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
      4⤵
      PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        5⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
        5⤵
        
        PID:15108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        5⤵
        
        PID:16104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
      4⤵
      PID:15356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24595.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        7⤵
        
        PID:12272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
        6⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        6⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        5⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
        6⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        5⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        5⤵
        
        PID:14256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
      4⤵
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        6⤵
        
        PID:15628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        5⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        5⤵
        
        PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25472.exe
        5⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        5⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        5⤵
        
        PID:13796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
      4⤵
      PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36733.exe
      4⤵
      PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17261.exe
      4⤵
      PID:4440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
      4⤵
      PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15455.exe
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
        6⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        5⤵
        
        PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
      4⤵
      PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
      4⤵
      PID:8556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49637.exe
      4⤵
      PID:13784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
    3⤵
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        5⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-593.exe
        5⤵
        
        PID:12100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        5⤵
        
        PID:15828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47822.exe
      4⤵
      PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
      4⤵
      PID:12448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
      4⤵
      PID:572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45542.exe
    3⤵
    PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57075.exe
      4⤵
      PID:10508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
      4⤵
      PID:4612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
    3⤵
    PID:9292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
    3⤵
    PID:13456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe
    3⤵
    - Executes dropped EXE
    PID:4232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43041.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57396.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23692.exe
        7⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        7⤵
        
        PID:15076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        7⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        6⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        6⤵
        
        PID:14704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13891.exe
        6⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1491.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        6⤵
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
        5⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        5⤵
        
        PID:228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
      4⤵
      PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
        6⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        6⤵
        
        PID:15740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
        6⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8382.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53218.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
        5⤵
        
        PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
      4⤵
      PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        5⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61159.exe
        5⤵
        
        PID:15712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
      4⤵
      PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
      4⤵
      PID:14644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1387.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        6⤵
        
        PID:10336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        6⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
        5⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        5⤵
        
        PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
      4⤵
      PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11323.exe
        5⤵
        
        PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
      4⤵
      PID:11572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2857.exe
      4⤵
      PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
      4⤵
      PID:6136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
    3⤵
    PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
      4⤵
      PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48300.exe
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
      4⤵
      PID:9620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5600.exe
      4⤵
      PID:13508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53392.exe
    3⤵
    PID:11448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22889.exe
    3⤵
    PID:14312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
        5⤵
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15455.exe
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        8⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        8⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        7⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        7⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
        6⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        6⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
        6⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        5⤵
        
        PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        5⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        5⤵
        
        PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29829.exe
      4⤵
      PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe
        6⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        5⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
        5⤵
        
        PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        5⤵
        
        PID:15116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
      4⤵
      PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42333.exe
      4⤵
      PID:13632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58055.exe
      4⤵
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51335.exe
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        6⤵
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18138.exe
        5⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
        5⤵
        
        PID:15372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12850.exe
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        5⤵
        
        PID:13424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
      4⤵
      PID:9268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
      4⤵
      PID:12852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
      4⤵
      PID:7172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
    3⤵
    PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
      4⤵
      PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53935.exe
      4⤵
      PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
      4⤵
      PID:15856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5206.exe
    3⤵
    PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
      4⤵
      PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
      4⤵
      PID:15120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
    3⤵
    PID:9468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25797.exe
    3⤵
    PID:13660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47007.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22400.exe
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        6⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        5⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        5⤵
        
        PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
      4⤵
      PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        5⤵
        
        PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
      4⤵
      PID:9548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
      4⤵
      PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25745.exe
    3⤵
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42176.exe
        5⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        5⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        5⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        5⤵
        
        PID:13808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8242.exe
      4⤵
      PID:8964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
      4⤵
      PID:12768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20925.exe
      4⤵
      PID:15396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
      4⤵
      PID:5952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
    3⤵
    PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24927.exe
      4⤵
      PID:12224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
    3⤵
    PID:10828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12113.exe
    3⤵
    PID:14900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
    3⤵
    PID:16056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48081.exe
    3⤵
    PID:2652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
    3⤵
    PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
      4⤵
      PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe
        5⤵
        
        PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        5⤵
        
        PID:14824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe
      4⤵
      PID:8776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
      4⤵
      PID:11244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
      4⤵
      PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
      4⤵
      PID:9120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
    3⤵
    PID:6864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
    3⤵
    PID:9284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
    3⤵
    PID:13280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
    3⤵
    PID:16060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
  2⤵
  PID:4676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
    3⤵
    PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64319.exe
      4⤵
      PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39482.exe
      4⤵
      PID:13548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
      4⤵
      PID:2340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
    3⤵
    PID:9492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
    3⤵
    PID:14380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
    3⤵
    PID:8092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64321.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64321.exe
  2⤵
  PID:6540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
    3⤵
    PID:10352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
    3⤵
    PID:14868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33630.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33630.exe
  2⤵
  PID:9524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
  2⤵
  PID:13688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31747.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31747.exe
  2⤵
  PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1356 -ip 1356
1⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7344 -ip 7344
1⤵
PID:11396

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe

Filesize
468KB

MD5
42529887153e2628e5a6cab32a62de01

SHA1
af6cb36c2884e91bec8ef1e4a81d88757722ff52

SHA256
9d1f01593f3739b47e44c0be9b5d55a6c99ae0aac9a0a1306215f76456d18023

SHA512
aa18a60e203e769357fd11c9f668131985b1de20dca5cb913535dbe0901cd2b5473fb85107f52ee2a6d56fd28cc70b967bb3f732ab9b304853609cbf88132e49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe

Filesize
468KB

MD5
feb6c1b5ca931e1ae65f9ec4293f454a

SHA1
f56f53bfa4d51e581316b40967afa62d45f18c82

SHA256
98ffde2c7ab6f9af47324d3f773463c99674a5d0205dd4cc51f23608ac65d1e9

SHA512
00a8eae7e351dae3f64ba997ee8f82db926c2fecd3a80387aa77299fddfb6165bdfbb7295079d5bb6e004af7923eb0a45792596ce73ee8a7321527170dbc3cf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe

Filesize
468KB

MD5
de620a5449fc8e3ec84787bb865d2945

SHA1
bf1b7c1d989d39c4d126bc35d44d27561aa4c944

SHA256
bbfe09d9fb02a1e9da3c80e90ce55d923359fe19826b6cabb5f75cce58802459

SHA512
0fa88a614753f4e0c06fc772244c030ff9d572b22aae7ef41c443456e02f17224937a60974fc2063b4fc81b4f4e3daa6b8e91c3154ac421093dd97001323d5c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe

Filesize
468KB

MD5
5db9c037ba5f06801069555357070896

SHA1
442c31aaeee6dc373d1af035c1495441464711f7

SHA256
f2ebc381b1e6f28e2767a5b778ffdefee7e2f21f9d13d9949569333408f2f676

SHA512
b15ded7d3fa27ada8749b36b1eb064d87363c6eae528de3ea6350546eb35c9ecd13aab9efd249e8e5662002d32554d2ab7826c9bf10f601ef38acea79b28e964

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe

Filesize
468KB

MD5
3525d5d98d9a891caf02572822fdecde

SHA1
c9f82cc9157e7f6160f77e7678194624a829e0e2

SHA256
39e1f082fac13e87f3b4b2e1bf219d72494160b002f93cf785fb4b16b43642e4

SHA512
bfc15d2f5fe3135dc977a5add810311dce45b78c9e78a8c8cae129bcc79ba13a3af324cca9f56b37048e882d1d78a13bef2a64303a420f59b811d61c4c76ca75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe

Filesize
468KB

MD5
0c1ec98680f354dfa19575791563877c

SHA1
2e4adf315f91c63c6d70b6fd0247bda6b3e2192c

SHA256
0160579e6a99e804ac9189ed891fcfa7a687ef9141e5177c0adbcf038b49bc00

SHA512
0674b5b4414670e37f3e89a8134f50896315680f5e735945cbccdfcc85b8ff5258dc1146f1f20ca37fd6c0c70f6b2e6c5ea2a1c3a1f582dc9ed7361a42c4c453

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe

Filesize
468KB

MD5
e83e5464c0320f5d9b7bdbd4b02a27a6

SHA1
9201077ceee5d1700f76dadc92d6a2319bd8b91b

SHA256
e45963c4398fe9af70f851beaf3b9506eae0a6d2ea057485ced9cbec96714f3f

SHA512
604ee649850704ef0af6d5bbb09f956a974663956d0f97fd36ee301e93edac63d0b1a46a8982e1232660af94a4fdb5705c84f5eeced24d5df4c7283065b88bca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe

Filesize
468KB

MD5
f4f012270b60a92f59123bac892bcf4f

SHA1
4fb68f875514ae85810f1eb07d5e5b8d27a6d94a

SHA256
5357cc78432783adf1f26a378295c278123b236a359fca9dc17dd26c14dac946

SHA512
4c0ce0f35365df609eeddef0d75b7ad629ee0f31ed7575b135669cf0e8ef40c81eafda713dda06ae184ded49985db887d0dd27a1a1e9fa81b45c270edbd9f00d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe

Filesize
468KB

MD5
1eebc7c58ba34654fd26bcdec83b516f

SHA1
7c96851c7e4249efac82e6b7e3b155c52afe5e12

SHA256
b68f8b3a5c9a407374a25866a38445441a8b5984dea45da92bba5b0652a61963

SHA512
10c4aad016d6d054902ced6e8f23eaa93d372d587303b5e810335bb9746b344f88bdb218617515a4a9b6eaaea76ed1354f6bfb45944f8800117601004872a1b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe

Filesize
468KB

MD5
d35091e293d81ea2af8ed6224c8984de

SHA1
afbe9e8d73eba172a43e66ce1a3be7cc3772e526

SHA256
e4460c105dbdd1fb47df48454e1962b630e403acf36cf7b67a97f411e5403ac6

SHA512
0ad314443a62187ab022d29f72ee198109c23796b23e8837d4deebf21844f9ccc5977d969009a8aa725e973cbbad5aa3d8be8e3d3659986dbe54432be3ef0a9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe

Filesize
468KB

MD5
81cd70d52f99b7ba0235c21ea5ed5228

SHA1
3b0972f12de942053084db0c6d1fd81b26b35eaa

SHA256
9c839641ef35bc0f198334281a46c315939621fb005001ad61b90d34893691bd

SHA512
ea60e736287ae7b014948cb8bb54fdd034a47d8c54709f7876c908c2c3d92e848ee7922db585a312cc4481a3586d305a29e61e073ad5c9ebd9426aecae2f8ce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26290.exe

Filesize
468KB

MD5
dc9dc385b3d936586fe819ce09e9f97b

SHA1
0d4b022b14204f3c6f1d56cf653ce734e4a1b71e

SHA256
68baa92ce371089094dfe95f541cb61d3c53b2523f471fd0c37c41419f63a400

SHA512
8d4ebd8e3cecf12a4a4cf850730869c3ab76a4ca588ec9b4e99a9478b27282062bf19ef35cf993f7d2643d993033a3c26800e29ed30eae8fb8500b980845e971

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe

Filesize
468KB

MD5
3a3b0cc3dd2bbc04010df6b0b5c5e2c1

SHA1
e9136dc6acee96c410134adf8d3bdce6363daa53

SHA256
32edf3d927bebc368f2aa2147ef143f8a2d34f9ebc6b75994a7390722a804d28

SHA512
85416b0fa66f025a3c024dbb405fd3c4ccb2bd92c60556799a82141a4e1af23c30d1ed6c164b07d34759a92dba48231905cf786b1613ee20550b5f047196a5ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32500.exe

Filesize
468KB

MD5
299652cb02428f1d3392e63ca0cd0244

SHA1
08504cd5fa06e490fb1017c1c5de701dc14c4381

SHA256
2b9a5d059b3db90d4fcee7e83589bee8e4ee049e97e789110d7a43b496fbaa86

SHA512
8fb05a1093ea920330fea09ff2a433722696dff676812f26dd6da562c4e24cb6bcd377d377d38f89af407025ad39f8b6db6762d64b0444948bd7168f5d8f16b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe

Filesize
468KB

MD5
302c78a63769b5aa25550ac9ee6d9516

SHA1
e304b5af4519f5da664d6965f3a9a33046d71bc8

SHA256
cbfee1d434bbdc64ecbc35817d299fcc44d6bca47c7a972435958f697f162335

SHA512
8f0cd90fe33a93e4b15e9ec7310d33bd5ca3805e11d288653d4dc2129a2751aeafcd348770a774bd5c42912fa33f1718fc8ce7070055b975dadcea88db3641f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe

Filesize
468KB

MD5
1df2f7c6193ecdb1515c76b16af7a4b3

SHA1
687c605984272d392e541ec20e626a99944035b6

SHA256
2c47c7a354020034aa1997aac1d62ad2344d9ed70a55609afae067fe074b46c5

SHA512
553acf91e6fe646fa0ec0ea91b8b2b17a3aed5af9e1c678f88f8a307a14da0f4f302c51b703cbbe24e0c478be79beee271a69e243bfff9d54fffc9dd01953d28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42072.exe

Filesize
468KB

MD5
917016acaca780f157d4cf8fcc90906c

SHA1
1250c90da313da6cae1bb4219e554e77c956f343

SHA256
f4dc27eeeb77c94f525aff3405532ffb93354b4647bb574533777df0bef3e4aa

SHA512
4aac77069cc3c44c5d0a1b8ca84523b7872bac9a07be84bedb85ec2186cdb680ac1f0ece654dbfc2603fd02ac215e8bc0c0ffa1e7458661bb3e6091bcea6182e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43041.exe

Filesize
468KB

MD5
8e8fd5c37460caac7e2517f355bdbb83

SHA1
1e5004d69e142946badb705d5745787663f9f9a1

SHA256
0398cfbdf3b633d664aaa11da0b6cf455ae11cfca10a29fd4a118225e903cfff

SHA512
f9e113b2b9676ce48f598070a5a338e6293e85b9fef79aed77e6c5cb89ff3b25f973f166ca8eedc17491e206a3d082fb467bba93166b2d7932f44980ba7a6061

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe

Filesize
468KB

MD5
f81adeed4a0592bf4713d9b413fd1ad1

SHA1
f630fd6e2d166b6d44f6ef808c46d960dc8c867e

SHA256
90dcf89f2a9a51bebd0424edea32726918537c0cb644a4fc84fc051c0b2404e9

SHA512
7f32d392297ccb41d033ff9b80da0f23f3f7e4d6bef03b8260ea55e90f957fcd967627bd1a204f15feaf5aefbe38cee93a7483c3db52400dfab6c20aee6b9186

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe

Filesize
468KB

MD5
619d1d6b86360433ba26f544e9d10ea2

SHA1
d1b7b1b4fd91cdff25b3ef9fcb1291381ae6f5ba

SHA256
793e33f25adb5bd1b75c5800c8b3003a3076a2af611c240a4022e28ace7c7b05

SHA512
11a3333fe597c0a3c8360afd3b0f18a3afb6faf78f5435ce18228e1074c52545a2755419d4dc382563dbec074695b29d9654f8ba1a7568a101dc8a3f25ebf5ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48979.exe

Filesize
468KB

MD5
45d8a971a5d9b51ef5b084ecaebae9e7

SHA1
fda1fb9753eb19d85c6e3f760348e590aa9ab680

SHA256
484ca1d42e122be7cc4c19f88b13bfa0d9064e70d4a3533742c2113c56e07f5a

SHA512
9ddacd422bab53778f474763f53b68522b5265711274245d568c5592efbada008ba69a49860e7305a73458dd018a4a1f164905642306360d36717982b651b736

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe

Filesize
468KB

MD5
1fd279f59e0984bb697067373c1e1678

SHA1
46f8ec3fbeef7a8c8a590f1bb8acd61af6a520f5

SHA256
f345179046966a325bad4116685de5c59fdc2ad72b207b89dd9ead827cf45187

SHA512
c009a46c2b5de51bf45a66b6c2cf7e2e10d054973884a88bd5a9f681cdbf34e86262a2bd72aa97c6eb0ce2b54bf6ac63a215822529ba336f8b39e1618f3d8af1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57196.exe

Filesize
468KB

MD5
714e0f73545ca7489b11577401709355

SHA1
267ad946e2dec1e00c24bd858bf82720e6128170

SHA256
9e8d5dba786293e3a7dc612466d3663c0ac7f08f865e38f41a12cf1a0bcced6a

SHA512
411d4e481b60fb7d52afc9bd9a73877c5d3a515ac7f6591a28aef079f57c4b397862ff41a31f209ca830031c8aee81f92762e0eab2c5cb5a574ac127765c2c2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe

Filesize
468KB

MD5
2ef0476bdd62604236bd1307232c690d

SHA1
143799ceef1c513dd77fbbfcb882d39e9b896375

SHA256
6637e148f61b4fb359bdcb62fc39164bafc0a4a74cd20e5bdfb0fc3095beb65c

SHA512
8e8f197f9eff5a247b350c72dabe23ae13467c6a0d157a357a7944676b2e7a357cd05a1154a1b855a73c0e2faa30a605d1a1aa5cef716bb973dd952ae21e53ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe

Filesize
468KB

MD5
d2a868cc560090fb4437c4fb86ba4396

SHA1
e2def87c12f9e7c7e17e76068b5bebadd6a8bba8

SHA256
366b6c0b35dbe288f30fe4a37bfa8a38f633961ec5b057f56fd51f6cb586d962

SHA512
af81d04a96f339ede75b3bbd936d142981e44405945dac3c228006edaed70312a23c1f647bfb9401f920badb60c13b65815ecb46be9454f90045569a2f01076e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe

Filesize
468KB

MD5
054f5f4e66a6653da452a4d8703bf3c3

SHA1
36bd78dda3566d75b58e3e54fb9e99b84e83010d

SHA256
c2881345d9a7d49145d8c3151050b9929d15539e0fd5910ee5e1239260bb86ab

SHA512
af4627c5f0951a3d64982c23a121e033ee46fca9b19fe3c679bd2323472b1290b7f353c0a37e948f0252fe32880b3f6fcf14a3677bf567e9a48975c9b3cce4f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe

Filesize
468KB

MD5
493f00148b0e89fb89aa08f584eff32f

SHA1
0ff68b2b46f60213fa2b5a906e76e58626624454

SHA256
6b3666319da568ec9aaea8b6c99855cddcd9a358f85eca55fe3c48845e9b2de3

SHA512
0c685ca2bbf00123e8ca51e1cc9ddadcf42efa3d6b3f2c589c888568b494492781465c9e777a6a6cb5b693f359a7603a6dc8afc93fc458b95462a9e06b979831

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe

Filesize
468KB

MD5
f39735d9336a6d77b0bd9d1ed37efadc

SHA1
2d9f27edb6190bca0350fdabe1e7e2ea55287f4b

SHA256
547c2006d0d3eca3e1365994cacc2f2b57717c119c3f4a29cb41413279c780e9

SHA512
c00f8477e3134f673bf54356c9af9824dd1e03489960178a7c82ecbb97ecf885b2918f1ea092a1b483a1111ea94dece1e1339c0516dbd5bc632b2774b25ae071

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe

Filesize
468KB

MD5
e8ee4c6081b6bab81c97659801d21ad0

SHA1
a29432b751c5d9edfabc0ebe8155d4c024b38763

SHA256
c9d28f836443d5b2eea5e6d33331f7b9e25917e988bdf20dbc6c8f2d49ef3860

SHA512
ce34a9421035b5cac9b3f24f8aa5a96fd8138eee3df56d10dd2b332b8cde20afcc90de46f78675626d2a0f40260c793ba85402e74205391ab70486fbf277bc29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe

Filesize
468KB

MD5
8832028dbfc37c28c78ea001cfdb31c6

SHA1
060ccc45ed642cc97b2e23016e37155d427dfdaf

SHA256
bde86847d06e9a2b8c4b4e27821d2d3be2c8eedf5e12215e191a8accdb3ff54e

SHA512
16c7171ebc4ee44e172941ab6c2ca39ae92b9a42fda86e7fd4b669bd0bf070b8a3690303b83d1275905416e8ffc1fdc31c9f669188bdd5b841b28730632fa25b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe

Filesize
468KB

MD5
c7a33218eace0931a434fc33ba70093d

SHA1
4c890e002769f4df14f4b5c0ca95dcfe34738cf5

SHA256
00a72e243407a7b1d44821b00507c474c77428b59bc57058b31e3f89956dab76

SHA512
70f918db82cd2620b2491c3c3107d165e7151a5846413a6bb36ee9f2018cd3762fc23627d866aaa2a1e10c1afe16841945126eae574a74078fd065b5df2e8641

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe

Filesize
468KB

MD5
c3055f6f9f0f033a55f77c83a31412a5

SHA1
ab4a7888134087cec00acd122886ff19a212f7f3

SHA256
83c3e66a7df84295d4c4bdd4df1d7482bd95b7626a6fa5f374dda22187fde8de

SHA512
04f40031b8aee3201004035818f5532bbe2e670cccaefd4157d4bf187cf4fea15637f70751e46435733d1b1a2485de9eaff60f577bfbfd31f866be7081aed1b1

Download Submit
memory/376-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/400-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/548-94-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/564-501-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/628-451-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/644-122-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/668-474-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/868-226-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/948-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1036-283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1260-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1356-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1356-219-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1356-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1496-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1576-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1632-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1640-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1680-2729-0x0000000075290000-0x00000000752A8000-memory.dmp

Filesize
96KB

Download
memory/1680-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1780-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1848-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1852-2745-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1904-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2088-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2120-300-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2180-2784-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2208-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2240-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2416-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2468-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2488-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2500-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2632-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2672-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2752-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2848-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2888-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2940-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3004-203-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3048-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3060-151-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3080-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3088-128-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3120-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3124-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3156-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3168-473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3180-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3236-476-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3288-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3436-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3452-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3480-478-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3568-35-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3592-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3628-115-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3712-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3728-57-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3748-100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3764-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3920-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3976-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3980-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4044-534-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4184-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4216-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4232-110-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4232-109-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4248-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4304-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4464-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4480-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4484-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4596-514-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4616-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4676-482-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4680-503-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4724-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4740-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4804-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4812-136-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4828-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4840-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4876-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4920-475-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4940-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4944-502-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4960-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5020-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5052-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5192-540-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5384-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5432-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5448-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5464-532-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5492-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5516-533-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15056-2781-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15932-2638-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads