05024bc47259cfcb22519f59b29ba3df5f6791a0097bc19c4a7ad4614a9049b4

Analysis

max time kernel
112s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1992634a073c924fa4e11a925d9f68c0N.exe
Size

468KB
MD5

1992634a073c924fa4e11a925d9f68c0
SHA1

fabb1ca69022136ad47cb54a0295550079cfad4c
SHA256

05024bc47259cfcb22519f59b29ba3df5f6791a0097bc19c4a7ad4614a9049b4
SHA512

831f63260c8b69659c7e6185cc94634556a3ac244eea1c47245eb23896b36b4e1a0a1eab7a37d044f7437fa34d43765e924bbc8ce31531c5b6075f279374765e
SSDEEP

3072:GbACoBIdl05Ut6YTP0NjffB/qd3FompynmHexVERF7M3+N/uFXvp:Gb1oW8Ut7Pojff9mY4F7Cq/uF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1804	Unicorn-36582.exe
2760	Unicorn-49986.exe
2732	Unicorn-64739.exe
2628	Unicorn-7453.exe
2112	Unicorn-58045.exe
2676	Unicorn-62129.exe
2248	Unicorn-37717.exe
2484	Unicorn-49960.exe
2544	Unicorn-24064.exe
2936	Unicorn-48014.exe
2892	Unicorn-21682.exe
2504	Unicorn-60842.exe
1396	Unicorn-60842.exe
1756	Unicorn-9595.exe
2992	Unicorn-61397.exe
1316	Unicorn-51268.exe
2584	Unicorn-4760.exe
2480	Unicorn-18980.exe
2244	Unicorn-62050.exe
2492	Unicorn-6727.exe
816	Unicorn-53905.exe
1684	Unicorn-49514.exe
2056	Unicorn-34146.exe
1188	Unicorn-26956.exe
2644	Unicorn-26956.exe
1368	Unicorn-44361.exe
1536	Unicorn-36747.exe
1552	Unicorn-23618.exe
1688	Unicorn-34247.exe
1276	Unicorn-33982.exe
940	Unicorn-53276.exe
1724	Unicorn-55435.exe
1788	Unicorn-35491.exe
764	Unicorn-25839.exe
1744	Unicorn-53873.exe
2716	Unicorn-46452.exe
2736	Unicorn-25285.exe
2832	Unicorn-2269.exe
2612	Unicorn-14786.exe
2752	Unicorn-18101.exe
2780	Unicorn-3110.exe
2728	Unicorn-7941.exe
2620	Unicorn-27807.exe
2184	Unicorn-29844.exe
840	Unicorn-48227.exe
2896	Unicorn-48227.exe
1924	Unicorn-39767.exe
536	Unicorn-26031.exe
1936	Unicorn-45897.exe
2932	Unicorn-58149.exe
2948	Unicorn-58149.exe
3068	Unicorn-50728.exe
680	Unicorn-39867.exe
2424	Unicorn-39105.exe
988	Unicorn-48035.exe
896	Unicorn-19565.exe
2296	Unicorn-33898.exe
1792	Unicorn-40443.exe
2300	Unicorn-31568.exe
1656	Unicorn-13115.exe
2100	Unicorn-58787.exe
2212	Unicorn-17754.exe
1040	Unicorn-41704.exe
2260	Unicorn-4947.exe

Loads dropped DLL 64 IoCs

pid	Process
2488	1992634a073c924fa4e11a925d9f68c0N.exe
2488	1992634a073c924fa4e11a925d9f68c0N.exe
1804	Unicorn-36582.exe
2488	1992634a073c924fa4e11a925d9f68c0N.exe
1804	Unicorn-36582.exe
2488	1992634a073c924fa4e11a925d9f68c0N.exe
1804	Unicorn-36582.exe
2760	Unicorn-49986.exe
1804	Unicorn-36582.exe
2760	Unicorn-49986.exe
2732	Unicorn-64739.exe
2732	Unicorn-64739.exe
2488	1992634a073c924fa4e11a925d9f68c0N.exe
2488	1992634a073c924fa4e11a925d9f68c0N.exe
2112	Unicorn-58045.exe
2112	Unicorn-58045.exe
2760	Unicorn-49986.exe
2760	Unicorn-49986.exe
2248	Unicorn-37717.exe
2248	Unicorn-37717.exe
2488	1992634a073c924fa4e11a925d9f68c0N.exe
2488	1992634a073c924fa4e11a925d9f68c0N.exe
2676	Unicorn-62129.exe
2628	Unicorn-7453.exe
2676	Unicorn-62129.exe
2628	Unicorn-7453.exe
1804	Unicorn-36582.exe
1804	Unicorn-36582.exe
2732	Unicorn-64739.exe
2732	Unicorn-64739.exe
2484	Unicorn-49960.exe
2484	Unicorn-49960.exe
2112	Unicorn-58045.exe
2112	Unicorn-58045.exe
2544	Unicorn-24064.exe
2544	Unicorn-24064.exe
2760	Unicorn-49986.exe
2760	Unicorn-49986.exe
2892	Unicorn-21682.exe
2892	Unicorn-21682.exe
2488	1992634a073c924fa4e11a925d9f68c0N.exe
2488	1992634a073c924fa4e11a925d9f68c0N.exe
2992	Unicorn-61397.exe
2992	Unicorn-61397.exe
2732	Unicorn-64739.exe
2732	Unicorn-64739.exe
2936	Unicorn-48014.exe
2504	Unicorn-60842.exe
2936	Unicorn-48014.exe
2504	Unicorn-60842.exe
1756	Unicorn-9595.exe
1756	Unicorn-9595.exe
2676	Unicorn-62129.exe
2676	Unicorn-62129.exe
2248	Unicorn-37717.exe
2248	Unicorn-37717.exe
1396	Unicorn-60842.exe
1804	Unicorn-36582.exe
1396	Unicorn-60842.exe
1804	Unicorn-36582.exe
2628	Unicorn-7453.exe
2628	Unicorn-7453.exe
1316	Unicorn-51268.exe
1316	Unicorn-51268.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4276	2124	WerFault.exe	107

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1992634a073c924fa4e11a925d9f68c0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24360.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2488	1992634a073c924fa4e11a925d9f68c0N.exe
1804	Unicorn-36582.exe
2760	Unicorn-49986.exe
2732	Unicorn-64739.exe
2112	Unicorn-58045.exe
2248	Unicorn-37717.exe
2628	Unicorn-7453.exe
2676	Unicorn-62129.exe
2484	Unicorn-49960.exe
2544	Unicorn-24064.exe
2936	Unicorn-48014.exe
2892	Unicorn-21682.exe
1396	Unicorn-60842.exe
2504	Unicorn-60842.exe
2992	Unicorn-61397.exe
1756	Unicorn-9595.exe
1316	Unicorn-51268.exe
2584	Unicorn-4760.exe
2480	Unicorn-18980.exe
2244	Unicorn-62050.exe
2492	Unicorn-6727.exe
816	Unicorn-53905.exe
1684	Unicorn-49514.exe
2056	Unicorn-34146.exe
1368	Unicorn-44361.exe
2644	Unicorn-26956.exe
1188	Unicorn-26956.exe
1536	Unicorn-36747.exe
1552	Unicorn-23618.exe
1276	Unicorn-33982.exe
1688	Unicorn-34247.exe
940	Unicorn-53276.exe
1724	Unicorn-55435.exe
1788	Unicorn-35491.exe
764	Unicorn-25839.exe
2716	Unicorn-46452.exe
1744	Unicorn-53873.exe
2736	Unicorn-25285.exe
2832	Unicorn-2269.exe
2612	Unicorn-14786.exe
2752	Unicorn-18101.exe
2780	Unicorn-3110.exe
2728	Unicorn-7941.exe
2620	Unicorn-27807.exe
2184	Unicorn-29844.exe
2896	Unicorn-48227.exe
840	Unicorn-48227.exe
2932	Unicorn-58149.exe
1924	Unicorn-39767.exe
2948	Unicorn-58149.exe
1936	Unicorn-45897.exe
536	Unicorn-26031.exe
3068	Unicorn-50728.exe
680	Unicorn-39867.exe
2424	Unicorn-39105.exe
988	Unicorn-48035.exe
896	Unicorn-19565.exe
1792	Unicorn-40443.exe
2296	Unicorn-33898.exe
2300	Unicorn-31568.exe
1656	Unicorn-13115.exe
2100	Unicorn-58787.exe
2212	Unicorn-17754.exe
1040	Unicorn-41704.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 1804	2488	1992634a073c924fa4e11a925d9f68c0N.exe	30
PID 2488 wrote to memory of 1804	2488	1992634a073c924fa4e11a925d9f68c0N.exe	30
PID 2488 wrote to memory of 1804	2488	1992634a073c924fa4e11a925d9f68c0N.exe	30
PID 2488 wrote to memory of 1804	2488	1992634a073c924fa4e11a925d9f68c0N.exe	30
PID 1804 wrote to memory of 2760	1804	Unicorn-36582.exe	31
PID 1804 wrote to memory of 2760	1804	Unicorn-36582.exe	31
PID 1804 wrote to memory of 2760	1804	Unicorn-36582.exe	31
PID 1804 wrote to memory of 2760	1804	Unicorn-36582.exe	31
PID 2488 wrote to memory of 2732	2488	1992634a073c924fa4e11a925d9f68c0N.exe	32
PID 2488 wrote to memory of 2732	2488	1992634a073c924fa4e11a925d9f68c0N.exe	32
PID 2488 wrote to memory of 2732	2488	1992634a073c924fa4e11a925d9f68c0N.exe	32
PID 2488 wrote to memory of 2732	2488	1992634a073c924fa4e11a925d9f68c0N.exe	32
PID 1804 wrote to memory of 2628	1804	Unicorn-36582.exe	33
PID 1804 wrote to memory of 2628	1804	Unicorn-36582.exe	33
PID 1804 wrote to memory of 2628	1804	Unicorn-36582.exe	33
PID 1804 wrote to memory of 2628	1804	Unicorn-36582.exe	33
PID 2760 wrote to memory of 2112	2760	Unicorn-49986.exe	34
PID 2760 wrote to memory of 2112	2760	Unicorn-49986.exe	34
PID 2760 wrote to memory of 2112	2760	Unicorn-49986.exe	34
PID 2760 wrote to memory of 2112	2760	Unicorn-49986.exe	34
PID 2732 wrote to memory of 2676	2732	Unicorn-64739.exe	35
PID 2732 wrote to memory of 2676	2732	Unicorn-64739.exe	35
PID 2732 wrote to memory of 2676	2732	Unicorn-64739.exe	35
PID 2732 wrote to memory of 2676	2732	Unicorn-64739.exe	35
PID 2488 wrote to memory of 2248	2488	1992634a073c924fa4e11a925d9f68c0N.exe	36
PID 2488 wrote to memory of 2248	2488	1992634a073c924fa4e11a925d9f68c0N.exe	36
PID 2488 wrote to memory of 2248	2488	1992634a073c924fa4e11a925d9f68c0N.exe	36
PID 2488 wrote to memory of 2248	2488	1992634a073c924fa4e11a925d9f68c0N.exe	36
PID 2112 wrote to memory of 2484	2112	Unicorn-58045.exe	37
PID 2112 wrote to memory of 2484	2112	Unicorn-58045.exe	37
PID 2112 wrote to memory of 2484	2112	Unicorn-58045.exe	37
PID 2112 wrote to memory of 2484	2112	Unicorn-58045.exe	37
PID 2760 wrote to memory of 2544	2760	Unicorn-49986.exe	38
PID 2760 wrote to memory of 2544	2760	Unicorn-49986.exe	38
PID 2760 wrote to memory of 2544	2760	Unicorn-49986.exe	38
PID 2760 wrote to memory of 2544	2760	Unicorn-49986.exe	38
PID 2248 wrote to memory of 2936	2248	Unicorn-37717.exe	39
PID 2248 wrote to memory of 2936	2248	Unicorn-37717.exe	39
PID 2248 wrote to memory of 2936	2248	Unicorn-37717.exe	39
PID 2248 wrote to memory of 2936	2248	Unicorn-37717.exe	39
PID 2488 wrote to memory of 2892	2488	1992634a073c924fa4e11a925d9f68c0N.exe	40
PID 2488 wrote to memory of 2892	2488	1992634a073c924fa4e11a925d9f68c0N.exe	40
PID 2488 wrote to memory of 2892	2488	1992634a073c924fa4e11a925d9f68c0N.exe	40
PID 2488 wrote to memory of 2892	2488	1992634a073c924fa4e11a925d9f68c0N.exe	40
PID 2676 wrote to memory of 2504	2676	Unicorn-62129.exe	41
PID 2676 wrote to memory of 2504	2676	Unicorn-62129.exe	41
PID 2676 wrote to memory of 2504	2676	Unicorn-62129.exe	41
PID 2676 wrote to memory of 2504	2676	Unicorn-62129.exe	41
PID 2628 wrote to memory of 1396	2628	Unicorn-7453.exe	42
PID 2628 wrote to memory of 1396	2628	Unicorn-7453.exe	42
PID 2628 wrote to memory of 1396	2628	Unicorn-7453.exe	42
PID 2628 wrote to memory of 1396	2628	Unicorn-7453.exe	42
PID 1804 wrote to memory of 1756	1804	Unicorn-36582.exe	43
PID 1804 wrote to memory of 1756	1804	Unicorn-36582.exe	43
PID 1804 wrote to memory of 1756	1804	Unicorn-36582.exe	43
PID 1804 wrote to memory of 1756	1804	Unicorn-36582.exe	43
PID 2732 wrote to memory of 2992	2732	Unicorn-64739.exe	44
PID 2732 wrote to memory of 2992	2732	Unicorn-64739.exe	44
PID 2732 wrote to memory of 2992	2732	Unicorn-64739.exe	44
PID 2732 wrote to memory of 2992	2732	Unicorn-64739.exe	44
PID 2484 wrote to memory of 1316	2484	Unicorn-49960.exe	45
PID 2484 wrote to memory of 1316	2484	Unicorn-49960.exe	45
PID 2484 wrote to memory of 1316	2484	Unicorn-49960.exe	45
PID 2484 wrote to memory of 1316	2484	Unicorn-49960.exe	45

C:\Users\Admin\AppData\Local\Temp\1992634a073c924fa4e11a925d9f68c0N.exe
"C:\Users\Admin\AppData\Local\Temp\1992634a073c924fa4e11a925d9f68c0N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36582.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36582.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49960.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44501.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        10⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        10⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        10⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        9⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        9⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        9⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        9⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52503.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe
        8⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17754.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        8⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
        7⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25839.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4947.exe
        7⤵
        Executes dropped EXE
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
        7⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
        6⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62228.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
        7⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13338.exe
        6⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
        6⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58787.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53437.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61744.exe
        6⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
        6⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44501.exe
        7⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31450.exe
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        8⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11584.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
        7⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
        6⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7598.exe
        7⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
        5⤵
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        7⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        6⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        6⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        6⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
        5⤵
        
        PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
        7⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        9⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        9⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37999.exe
        8⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        8⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        7⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        7⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        7⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51870.exe
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        7⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        6⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        7⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
        6⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57241.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        7⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
        7⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59087.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        6⤵
        
        PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1915.exe
        5⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
        6⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
        5⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
        5⤵
        
        PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25285.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
        6⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39404.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        7⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        6⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        6⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28252.exe
        5⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        6⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        5⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
        5⤵
        
        PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2269.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37999.exe
        6⤵
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31537.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        6⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58782.exe
        5⤵
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
        5⤵
        
        PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        5⤵
        
        PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
      4⤵
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        5⤵
        
        PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        5⤵
        
        PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
      4⤵
      PID:596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
      4⤵
      PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23761.exe
      4⤵
      PID:4884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        7⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31450.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49426.exe
        7⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
        6⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
        7⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42938.exe
        6⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        6⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        7⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        6⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        6⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        6⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        6⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        5⤵
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10556.exe
        5⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1244.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
        6⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        7⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        6⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
        6⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
        5⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        6⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        6⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
        5⤵
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        5⤵
        
        PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
        5⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57241.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        6⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        5⤵
        
        PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60188.exe
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
      4⤵
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60743.exe
      4⤵
      PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25790.exe
      4⤵
      PID:5768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3110.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        7⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34006.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
        6⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
        5⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59571.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        6⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        5⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
        5⤵
        
        PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
        5⤵
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        5⤵
        
        PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
      4⤵
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
      4⤵
      PID:5740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14397.exe
        5⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
        5⤵
        
        PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
      4⤵
      PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
      4⤵
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
      4⤵
      PID:4908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
      4⤵
      PID:568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42632.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
      4⤵
      PID:4816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
    3⤵
    PID:4004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
    3⤵
    PID:4748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62129.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40334.exe
        7⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe
        8⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        8⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        7⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
        6⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        7⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        6⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
        6⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
        6⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
        6⤵
        
        PID:712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        6⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        5⤵
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
        5⤵
        
        PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        6⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        7⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        7⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        5⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
        6⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
        6⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        5⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
        6⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
        5⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        5⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
        5⤵
        
        PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
      4⤵
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        5⤵
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
      4⤵
      PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
      4⤵
      PID:5420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
        7⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        7⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        6⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32545.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32112.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        6⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51111.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        5⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
        5⤵
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
        5⤵
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        5⤵
        
        PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
      4⤵
      PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
      4⤵
      PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
      4⤵
      PID:5172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
        5⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38300.exe
        6⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        6⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
        5⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
        5⤵
        
        PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
      4⤵
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
      4⤵
      PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
        5⤵
        
        PID:276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        5⤵
        
        PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
      4⤵
      PID:292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
      4⤵
      PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
    3⤵
    PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
      4⤵
      PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
      4⤵
      PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54936.exe
    3⤵
    PID:2288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
    3⤵
    PID:4580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
    3⤵
    PID:4608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
        6⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
        6⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
        6⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
        5⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        6⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61823.exe
        5⤵
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
        5⤵
        
        PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50728.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44501.exe
        5⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        6⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        6⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39404.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43816.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
        5⤵
        
        PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37001.exe
      4⤵
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
      4⤵
      PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47321.exe
      4⤵
      PID:948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23618.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32545.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17526.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        5⤵
        
        PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21946.exe
      4⤵
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
      4⤵
      PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10904.exe
    3⤵
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
      4⤵
      PID:2868
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 232
      4⤵
      Program crash
      PID:4276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64263.exe
    3⤵
    PID:1856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61171.exe
    3⤵
    PID:4532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45250.exe
    3⤵
    PID:5676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47321.exe
        5⤵
        
        PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
      4⤵
      PID:4188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
      4⤵
      PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
      4⤵
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
      4⤵
      PID:4596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
    3⤵
    PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
    3⤵
    PID:2152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
    3⤵
    PID:5024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
      4⤵
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64449.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        5⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        5⤵
        
        PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
      4⤵
      PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
      4⤵
      PID:4456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22566.exe
      4⤵
      PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
      4⤵
      PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
      4⤵
      PID:4696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
    3⤵
    PID:2412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
    3⤵
    PID:4232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18101.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18101.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44226.exe
    3⤵
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
      4⤵
      PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
      4⤵
      PID:4172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
    3⤵
    PID:3632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
    3⤵
    PID:5340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19297.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19297.exe
  2⤵
  PID:1304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29831.exe
    3⤵
    PID:1640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
    3⤵
    PID:3680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1654.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1654.exe
  2⤵
  PID:2176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
  2⤵
  PID:4016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
  2⤵
  PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe

Filesize
468KB

MD5
81c0e52f70acd4bd9179352dae48025f

SHA1
4ee9f3a5df1e23c9620a9b05c1c43e6a6bc5913c

SHA256
818d74aef1ef22e09c66787d2f3789f1385ea7a41a0d0ffaab9b59247c9d44f2

SHA512
071f6db44cd1f1c8b542a1f0eaa7f9fab18ad0ee2e9a707bcc3da4fe9fa5998c306b420e3876c9a7578606a80d9fddf8bba91bc0c353987fccc0c9a6aac5d2d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe

Filesize
468KB

MD5
9e3ff07213e3ecd6b37b8c2f821ab5d0

SHA1
70fe5e54b4ed4f7866e595aedf0182b21e241357

SHA256
b4290cc1e2d4d548c69bc8e9870f78ec20dc322cbdd3c352f65a03aa45911321

SHA512
6e15476cee0b72e3cc81ad5980fdea19d6e6721c5fb3d46d4778b4e61f6100723eb82d716dcacb2153c7ad4d1867c6b86781b67c8b593ef6ab4fe336246a9c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe

Filesize
468KB

MD5
4f2a2cbe3864e6ea3ffab9959a382abf

SHA1
ed680c2118cb6a7959b35f627b3e579e51c94797

SHA256
5c768e5bbcdf4653f536d73196dab5f179c7a74d22c7116afef463d184f086b0

SHA512
a675d3298f7f10b23ed5b346364bdcd0f8c56c3008e2a528dcf6fa7336155f44c895611b4a7f32414c5aca8ab2aa4a7bc0be4cfa893fd88f55e9e2e242048575

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe

Filesize
468KB

MD5
b742a101cd7c68e85f16726217c7cd4e

SHA1
b8090ba262f3521af86bc2ef6daa283c6016844c

SHA256
8733629158bc2386acde25bf4cc92a4d7d9f36ef51828c37cbef49107d0d1ff8

SHA512
716526359f2ff37e8e0d07ee955e43b10f29009d55dd060d9cca2cdeb25cf4b850b716f799bf359edfc022800c6261e316160e81b8dc63c47cd000967d98873c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe

Filesize
468KB

MD5
162d7e5d0ffc7fcc18c2a5fab3a40e49

SHA1
4a321d0f0d0eff5152f7e27d930f40d1fac5a705

SHA256
352e63df34d9842f3a463ea45d4f65cfc3a5b0f540200de9dbe95d275e02b341

SHA512
208a876895c96f6981961ff8f601f22827a7cc14ab60567d73a7cc6c3565c60a51b95c4284bee4e81b5a78dd40fdb941a8f4ecfb91722fc7bb88cf9695715cf7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe

Filesize
468KB

MD5
bf520809061c7c5716b96bb16805f2e5

SHA1
d40749b90a3327d64c97317d4ea0fb8ff93d2f24

SHA256
da2d392d97306c41f7c1f59f42ae9bb4311935479aed1123afa72c3a5dc4d124

SHA512
9788fb99f2e0079807e6b003a6d293b1a7a61d73bad1a0f5c23247bd6426b8a272a982cae45e12912c4f11a9bb18d252c11b922a1bb0b9bd77c86218d70c8b80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36582.exe

Filesize
468KB

MD5
923ea9b8b7ec6cc5ae2e34d4feaad6f1

SHA1
e2052be4dbfb5ac40df5f5cb85195a422caa83e1

SHA256
fc3ff851a3dddb39c7785132fe48bbbef49d133b5c760f7f67ffa188b0af885b

SHA512
5ca05ef2109267700a166399675de8d6b69f70905148be075366cd1383b688af3d71cd35509521888d640ca0d6f145ecae71e904546c196646339ced2ceb396e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe

Filesize
468KB

MD5
25a4284efe8c55c994f0ef8b3484749c

SHA1
81e417781f1075708fd69aaa9e6e39e1dfd34444

SHA256
8a999b070a489a9136580fa924cd6d1452c9b31d6d64ac87b2bd58245f135171

SHA512
c504cb020bbaefd64abca8184b1096462a0cbcf6cec4ba6145472429130bffa3115ae7d99c7c1bda6dfcabdb749659fd1cb1b6bffa5bbb8261cfff13fb425e3d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe

Filesize
468KB

MD5
021905382169d37735f908117901b07e

SHA1
982b498c8d581db89ffedbdd05a5108084811ee6

SHA256
ba6d0924e7d1d1f7e61c0c0f3467299b776557403e317190d6c5e5ccf26e3276

SHA512
010841d768314f9ffc8a02ed3288fe365f621bdc4e3a63a251fa9e448e83851d35c0eb1a66854261b10134155c8e0560c589460859357c70dd6704098f96b970

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49960.exe

Filesize
468KB

MD5
9370980fe1b88bae96d769e5611c442b

SHA1
dfa088d8adb1e892bc86b10624805797b9b6f159

SHA256
f70c0ece8e4ed2b4454c8da1e6488ff7eb7784e3307bfb9d8b5127330ce422a9

SHA512
8cd45b4fd484665386e7645900736c8ad88eb3ee051e5c6e1d349755f395ff751feadd0dac0448e465d455918b0349ec95add489e275ad24ef680f35ad718180

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe

Filesize
468KB

MD5
f21ca4cf66b8a59effba8111e7b4d450

SHA1
803737c80b1d1e5ca8b91f5163dda0913f392e3c

SHA256
351386fc59062ec797ce30580db06e5c5dac1d92fbadc99a538ced96abd2abab

SHA512
baede54c44f25710e9d030add69186d7a65092a4c9a8d64cf3a4061b6c497e91a6752829b69d4c0292992578dd462c8602534b5999dc37423ea85811ac975ad8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe

Filesize
468KB

MD5
3f79ee4e33cab0192ac2a526ddde3c1a

SHA1
f54fb1f3bd855ab23034f9e9d57b108a94a58b1d

SHA256
6c60f18a0a8ba72fefd3c5aa456438a8cf6030c66ad994f5c0c71dc85de7b9bd

SHA512
abc665b8ede9d1bd8439eec5ec295051081279cadd34c0fb3cbfb2c6ca1f2f1a2708aff51b3e8b9fe181304ec44c1336638616652e0147d54005087c9de3a035

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe

Filesize
468KB

MD5
4dc5031d3c7b997cc2ca4dcad4d69cd9

SHA1
e99b64f3c3aa4217cef31c1cb7ed71c68bff4528

SHA256
fcb8afb53d849a4e6ca40f31a95afa6c80672d0fac7184ad9a95c1fbb397b667

SHA512
36987a85e41768fae6a81e6b0f39d447c11eebf5bf86be4ad0a8906ad4fbf0fd8ecda9f07c8ebe67d1beb1d2c7a62f80bf38718e449107b203b8c084d124a8fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe

Filesize
468KB

MD5
e2c29a33c774c18fadaf5c461f67a72a

SHA1
fd691af961de8bf74fece406d70daf1f650fdb31

SHA256
301c2626d96fa0fa88e5c0c4bc31e09f57b4411f05f27e8dd64d3d2866f1be14

SHA512
7060eda12067c11a7bee217506874b26a1afbb379f449066737e0d7e99f2ea0ce4a13f755ec73af86a85fae4ff6448cb3aebfa3f26686dd6a8404e2f62e7ea0b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe

Filesize
468KB

MD5
55a8e4ede1fe54d5690ef8738b272417

SHA1
e001c365e51a7eb2da48a7003b5e33f538ce34a0

SHA256
babced477aeda31196e8fb8648cc68cf0f5cc84a9ab5f0d48d323b626054a67d

SHA512
d74af610f387f6ed065b24cc6a22835e11e2703ad025ae4f193fb55c36325d496c86c470fdbb520d8188f330c1ea6ea88d4baa97e4762d4d0693b178462c99c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62129.exe

Filesize
468KB

MD5
9fcc2eaf3f8a0dfeb8eeef34555cb62e

SHA1
565f2e0250d158b42be3a61e22af7cf462bdea1f

SHA256
361292b727135a34d990c9751f88def885b91ef2f91f177ae1e8bbbd1e8ee9b8

SHA512
6e04335cbfb6f8b8a6a35f6781660dabf6429179f0e9df52130daa49477577ba20bc87aba9e03d3d2ac2701728e5e2ba26ad2fc70a6642a1675e1ae912e6b7ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe

Filesize
468KB

MD5
21e5a56022f2a4684ad0e68dfd7b8bc1

SHA1
481e172399765b3e06ba33c37b256dd1d9c57ca0

SHA256
f86dd45d965ea7afb7151ffa1407ec54f657558a82e4c06fba0ee263a0c1d7ed

SHA512
3cc3937825c4a22f014495532e6f7d552fb19467032d0339444d0c1d77db0db9086c42623960167b4dd1f077602d48e2418aef5a593fc68e906e243e37ffda31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe

Filesize
468KB

MD5
e557c8cf8380b93e81dfb853a0b8a204

SHA1
8c06c576681fc4821442bea509d4decb782ce07d

SHA256
a141b23b1e0dc58a2024ea161249296f8f198ac0765ed00115720dee571ef306

SHA512
a92e7ea3f998b8d040edf6a456f8f37797029462d535562d87bf6ca96b1c2ae0fcf1c73be8981a23adb9ce8875bea9f29f31cf63980c9e8a94f1a27a25ba30cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe

Filesize
468KB

MD5
49a1ffd73480a242e07237adbe798e40

SHA1
2b0a05d7e47ffddcc50df4588c18aab6b43c676e

SHA256
e9de8446eabcb0df66d527e238c0938827a1cbb027533975ad4ba34a0066c21d

SHA512
47a0512dce3142fbfbcb3371c0f2cce6342e221ed44fa91f0c60ea29440b9cac93e7ad06cc0c62eb76f82aebaf8f31266245f68b96f9478f5c608aa6d36a6e37

Download Submit