dee5f7c1e06bd7855d8a27dbb9a912cc0c76b5e7da99ec01965512763dbcf9e7

Analysis

max time kernel
115s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 04:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71058ea235e015bc54dc9d91c3d7ec20N.exe
Size

468KB
MD5

71058ea235e015bc54dc9d91c3d7ec20
SHA1

8ddb61a6264fafaef7fde5f6151566fa2120cd33
SHA256

dee5f7c1e06bd7855d8a27dbb9a912cc0c76b5e7da99ec01965512763dbcf9e7
SHA512

59a777786061a09910ec8696ac1b305305b22114bb18ffa9d98c63f3738af980883dc466bcbc106a622bedcb81aa5d25533c994755dc3e024807a79cb5b29d91
SSDEEP

3072:ybCHosITyP5/tbYHPgGLPfN/zChSJIpXHmHevSwto87wT3Au1/la:ybWo8x/t0PXLPf/0B9o8k7Au1

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2908	Unicorn-43401.exe
2768	Unicorn-64579.exe
2820	Unicorn-52005.exe
2808	Unicorn-42168.exe
2920	Unicorn-38691.exe
2396	Unicorn-25797.exe
2680	Unicorn-28293.exe
1960	Unicorn-64847.exe
2252	Unicorn-25660.exe
2124	Unicorn-64655.exe
2500	Unicorn-47286.exe
2916	Unicorn-1614.exe
3020	Unicorn-40929.exe
3032	Unicorn-55236.exe
1016	Unicorn-9564.exe
2036	Unicorn-7421.exe
2484	Unicorn-11562.exe
2276	Unicorn-46804.exe
2464	Unicorn-15174.exe
2180	Unicorn-60846.exe
1048	Unicorn-55445.exe
1936	Unicorn-15366.exe
1488	Unicorn-43741.exe
2600	Unicorn-63607.exe
2564	Unicorn-18168.exe
1364	Unicorn-40722.exe
1108	Unicorn-33358.exe
1620	Unicorn-33623.exe
1516	Unicorn-23810.exe
2568	Unicorn-48707.exe
1928	Unicorn-48707.exe
1092	Unicorn-28600.exe
2176	Unicorn-58428.exe
1676	Unicorn-46939.exe
1592	Unicorn-40425.exe
2084	Unicorn-59814.exe
2736	Unicorn-57136.exe
2780	Unicorn-13192.exe
2836	Unicorn-11474.exe
2876	Unicorn-12808.exe
2892	Unicorn-2418.exe
2684	Unicorn-63052.exe
2356	Unicorn-61791.exe
2800	Unicorn-61526.exe
2116	Unicorn-11822.exe
2604	Unicorn-42493.exe
1400	Unicorn-35087.exe
316	Unicorn-1838.exe
2948	Unicorn-14453.exe
3008	Unicorn-23856.exe
1664	Unicorn-40659.exe
3060	Unicorn-60525.exe
3000	Unicorn-28538.exe
2312	Unicorn-56420.exe
1684	Unicorn-6922.exe
2400	Unicorn-62253.exe
972	Unicorn-60608.exe
2172	Unicorn-37566.exe
1768	Unicorn-11533.exe
1572	Unicorn-50995.exe
824	Unicorn-24462.exe
1780	Unicorn-5940.exe
1688	Unicorn-25806.exe
2000	Unicorn-19675.exe

Loads dropped DLL 64 IoCs

pid	Process
2468	71058ea235e015bc54dc9d91c3d7ec20N.exe
2468	71058ea235e015bc54dc9d91c3d7ec20N.exe
2908	Unicorn-43401.exe
2468	71058ea235e015bc54dc9d91c3d7ec20N.exe
2908	Unicorn-43401.exe
2468	71058ea235e015bc54dc9d91c3d7ec20N.exe
2908	Unicorn-43401.exe
2468	71058ea235e015bc54dc9d91c3d7ec20N.exe
2908	Unicorn-43401.exe
2468	71058ea235e015bc54dc9d91c3d7ec20N.exe
2820	Unicorn-52005.exe
2820	Unicorn-52005.exe
2768	Unicorn-64579.exe
2768	Unicorn-64579.exe
2808	Unicorn-42168.exe
2808	Unicorn-42168.exe
2908	Unicorn-43401.exe
2908	Unicorn-43401.exe
2396	Unicorn-25797.exe
2768	Unicorn-64579.exe
2396	Unicorn-25797.exe
2768	Unicorn-64579.exe
2920	Unicorn-38691.exe
2468	71058ea235e015bc54dc9d91c3d7ec20N.exe
2920	Unicorn-38691.exe
2468	71058ea235e015bc54dc9d91c3d7ec20N.exe
2680	Unicorn-28293.exe
2820	Unicorn-52005.exe
2820	Unicorn-52005.exe
2680	Unicorn-28293.exe
1960	Unicorn-64847.exe
1960	Unicorn-64847.exe
2808	Unicorn-42168.exe
2808	Unicorn-42168.exe
2124	Unicorn-64655.exe
2124	Unicorn-64655.exe
2396	Unicorn-25797.exe
3020	Unicorn-40929.exe
2396	Unicorn-25797.exe
3020	Unicorn-40929.exe
2916	Unicorn-1614.exe
2468	71058ea235e015bc54dc9d91c3d7ec20N.exe
2916	Unicorn-1614.exe
2468	71058ea235e015bc54dc9d91c3d7ec20N.exe
1016	Unicorn-9564.exe
2920	Unicorn-38691.exe
2680	Unicorn-28293.exe
2920	Unicorn-38691.exe
1016	Unicorn-9564.exe
2680	Unicorn-28293.exe
2252	Unicorn-25660.exe
2252	Unicorn-25660.exe
2908	Unicorn-43401.exe
2500	Unicorn-47286.exe
2908	Unicorn-43401.exe
2500	Unicorn-47286.exe
3032	Unicorn-55236.exe
3032	Unicorn-55236.exe
2768	Unicorn-64579.exe
2820	Unicorn-52005.exe
2768	Unicorn-64579.exe
2820	Unicorn-52005.exe
2036	Unicorn-7421.exe
2036	Unicorn-7421.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3344	3820	WerFault.exe	255

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48793.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2468	71058ea235e015bc54dc9d91c3d7ec20N.exe
2908	Unicorn-43401.exe
2768	Unicorn-64579.exe
2820	Unicorn-52005.exe
2808	Unicorn-42168.exe
2396	Unicorn-25797.exe
2680	Unicorn-28293.exe
2920	Unicorn-38691.exe
1960	Unicorn-64847.exe
2124	Unicorn-64655.exe
2916	Unicorn-1614.exe
2252	Unicorn-25660.exe
2500	Unicorn-47286.exe
1016	Unicorn-9564.exe
3020	Unicorn-40929.exe
3032	Unicorn-55236.exe
2036	Unicorn-7421.exe
2484	Unicorn-11562.exe
2276	Unicorn-46804.exe
2464	Unicorn-15174.exe
1488	Unicorn-43741.exe
1048	Unicorn-55445.exe
1936	Unicorn-15366.exe
2180	Unicorn-60846.exe
2600	Unicorn-63607.exe
1364	Unicorn-40722.exe
2564	Unicorn-18168.exe
1620	Unicorn-33623.exe
1108	Unicorn-33358.exe
1516	Unicorn-23810.exe
1928	Unicorn-48707.exe
2568	Unicorn-48707.exe
1092	Unicorn-28600.exe
2176	Unicorn-58428.exe
1676	Unicorn-46939.exe
1592	Unicorn-40425.exe
2084	Unicorn-59814.exe
2736	Unicorn-57136.exe
2780	Unicorn-13192.exe
2836	Unicorn-11474.exe
2876	Unicorn-12808.exe
2684	Unicorn-63052.exe
2892	Unicorn-2418.exe
2356	Unicorn-61791.exe
2800	Unicorn-61526.exe
2116	Unicorn-11822.exe
1400	Unicorn-35087.exe
2604	Unicorn-42493.exe
316	Unicorn-1838.exe
2948	Unicorn-14453.exe
3008	Unicorn-23856.exe
3060	Unicorn-60525.exe
1664	Unicorn-40659.exe
3000	Unicorn-28538.exe
2312	Unicorn-56420.exe
1684	Unicorn-6922.exe
972	Unicorn-60608.exe
2400	Unicorn-62253.exe
2172	Unicorn-37566.exe
1768	Unicorn-11533.exe
1572	Unicorn-50995.exe
1780	Unicorn-5940.exe
1920	Unicorn-8628.exe
1688	Unicorn-25806.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2908	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	29
PID 2468 wrote to memory of 2908	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	29
PID 2468 wrote to memory of 2908	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	29
PID 2468 wrote to memory of 2908	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	29
PID 2908 wrote to memory of 2768	2908	Unicorn-43401.exe	30
PID 2908 wrote to memory of 2768	2908	Unicorn-43401.exe	30
PID 2908 wrote to memory of 2768	2908	Unicorn-43401.exe	30
PID 2908 wrote to memory of 2768	2908	Unicorn-43401.exe	30
PID 2468 wrote to memory of 2820	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	31
PID 2468 wrote to memory of 2820	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	31
PID 2468 wrote to memory of 2820	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	31
PID 2468 wrote to memory of 2820	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	31
PID 2908 wrote to memory of 2808	2908	Unicorn-43401.exe	32
PID 2908 wrote to memory of 2808	2908	Unicorn-43401.exe	32
PID 2908 wrote to memory of 2808	2908	Unicorn-43401.exe	32
PID 2908 wrote to memory of 2808	2908	Unicorn-43401.exe	32
PID 2468 wrote to memory of 2920	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	33
PID 2468 wrote to memory of 2920	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	33
PID 2468 wrote to memory of 2920	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	33
PID 2468 wrote to memory of 2920	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	33
PID 2820 wrote to memory of 2680	2820	Unicorn-52005.exe	34
PID 2820 wrote to memory of 2680	2820	Unicorn-52005.exe	34
PID 2820 wrote to memory of 2680	2820	Unicorn-52005.exe	34
PID 2820 wrote to memory of 2680	2820	Unicorn-52005.exe	34
PID 2768 wrote to memory of 2396	2768	Unicorn-64579.exe	35
PID 2768 wrote to memory of 2396	2768	Unicorn-64579.exe	35
PID 2768 wrote to memory of 2396	2768	Unicorn-64579.exe	35
PID 2768 wrote to memory of 2396	2768	Unicorn-64579.exe	35
PID 2808 wrote to memory of 1960	2808	Unicorn-42168.exe	36
PID 2808 wrote to memory of 1960	2808	Unicorn-42168.exe	36
PID 2808 wrote to memory of 1960	2808	Unicorn-42168.exe	36
PID 2808 wrote to memory of 1960	2808	Unicorn-42168.exe	36
PID 2908 wrote to memory of 2252	2908	Unicorn-43401.exe	37
PID 2908 wrote to memory of 2252	2908	Unicorn-43401.exe	37
PID 2908 wrote to memory of 2252	2908	Unicorn-43401.exe	37
PID 2908 wrote to memory of 2252	2908	Unicorn-43401.exe	37
PID 2396 wrote to memory of 2124	2396	Unicorn-25797.exe	38
PID 2396 wrote to memory of 2124	2396	Unicorn-25797.exe	38
PID 2396 wrote to memory of 2124	2396	Unicorn-25797.exe	38
PID 2396 wrote to memory of 2124	2396	Unicorn-25797.exe	38
PID 2768 wrote to memory of 2500	2768	Unicorn-64579.exe	39
PID 2768 wrote to memory of 2500	2768	Unicorn-64579.exe	39
PID 2768 wrote to memory of 2500	2768	Unicorn-64579.exe	39
PID 2768 wrote to memory of 2500	2768	Unicorn-64579.exe	39
PID 2920 wrote to memory of 2916	2920	Unicorn-38691.exe	40
PID 2920 wrote to memory of 2916	2920	Unicorn-38691.exe	40
PID 2920 wrote to memory of 2916	2920	Unicorn-38691.exe	40
PID 2920 wrote to memory of 2916	2920	Unicorn-38691.exe	40
PID 2468 wrote to memory of 3020	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	41
PID 2468 wrote to memory of 3020	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	41
PID 2468 wrote to memory of 3020	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	41
PID 2468 wrote to memory of 3020	2468	71058ea235e015bc54dc9d91c3d7ec20N.exe	41
PID 2820 wrote to memory of 3032	2820	Unicorn-52005.exe	43
PID 2820 wrote to memory of 3032	2820	Unicorn-52005.exe	43
PID 2820 wrote to memory of 3032	2820	Unicorn-52005.exe	43
PID 2820 wrote to memory of 3032	2820	Unicorn-52005.exe	43
PID 2680 wrote to memory of 1016	2680	Unicorn-28293.exe	42
PID 2680 wrote to memory of 1016	2680	Unicorn-28293.exe	42
PID 2680 wrote to memory of 1016	2680	Unicorn-28293.exe	42
PID 2680 wrote to memory of 1016	2680	Unicorn-28293.exe	42
PID 1960 wrote to memory of 2036	1960	Unicorn-64847.exe	44
PID 1960 wrote to memory of 2036	1960	Unicorn-64847.exe	44
PID 1960 wrote to memory of 2036	1960	Unicorn-64847.exe	44
PID 1960 wrote to memory of 2036	1960	Unicorn-64847.exe	44

C:\Users\Admin\AppData\Local\Temp\71058ea235e015bc54dc9d91c3d7ec20N.exe
"C:\Users\Admin\AppData\Local\Temp\71058ea235e015bc54dc9d91c3d7ec20N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64579.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25797.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59814.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23222.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        9⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
        9⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42380.exe
        7⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        7⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
        7⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
        7⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        7⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
        7⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
        6⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
        6⤵
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        6⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64555.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60650.exe
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7644.exe
        7⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        6⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2890.exe
        6⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe
        6⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
        5⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
        5⤵
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14323.exe
        5⤵
        
        PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33623.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59797.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2040.exe
        7⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5392.exe
        7⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        6⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        6⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        6⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
        6⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21242.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
        6⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
        6⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 188
        7⤵
        Program crash
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        6⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        6⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        5⤵
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
        5⤵
        
        PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        5⤵
        
        PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48707.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        6⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        7⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11793.exe
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        7⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
        6⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49991.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
        6⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
        5⤵
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
        5⤵
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe
        5⤵
        
        PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61526.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        5⤵
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        5⤵
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        5⤵
        
        PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2055.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
      4⤵
      PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
      4⤵
      PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35435.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33088.exe
      4⤵
      PID:4460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61011.exe
        8⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33614.exe
        8⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11010.exe
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        7⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
        6⤵
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
        6⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58428.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        7⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43285.exe
        7⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        6⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        6⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        6⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37566.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
        6⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        6⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        6⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        6⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44929.exe
        5⤵
        
        PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        5⤵
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
        5⤵
        
        PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46939.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        6⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
        7⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        6⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        6⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        5⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        6⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
        6⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        6⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
        5⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
        5⤵
        
        PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24597.exe
        5⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        5⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        5⤵
        
        PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7995.exe
      4⤵
      PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62603.exe
      4⤵
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5352.exe
      4⤵
      PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38423.exe
      4⤵
      PID:4560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        5⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
        5⤵
        
        PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
      4⤵
      Executes dropped EXE
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31711.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        5⤵
        
        PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
      4⤵
      PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
      4⤵
      PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33358.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61791.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33643.exe
        5⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        5⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
      4⤵
      PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50054.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
      4⤵
      PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38538.exe
      4⤵
      PID:4232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
      4⤵
      PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7644.exe
      4⤵
      PID:4684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
    3⤵
    PID:3304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
    3⤵
    PID:3732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
    3⤵
    PID:4776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12266.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28147.exe
        7⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33614.exe
        7⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24127.exe
        7⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39619.exe
        7⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
        6⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        6⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57526.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        6⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33854.exe
        6⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
        5⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        6⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
        6⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32793.exe
        6⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe
        6⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        5⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        5⤵
        
        PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6922.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
      4⤵
      PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57526.exe
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10241.exe
      4⤵
      PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
      4⤵
      PID:4188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23810.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        6⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42407.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7644.exe
        6⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
        5⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
        5⤵
        
        PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46283.exe
      4⤵
      PID:700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
      4⤵
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
      4⤵
      PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
      4⤵
      PID:4952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48707.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13192.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        5⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        6⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9404.exe
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62562.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        5⤵
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        5⤵
        
        PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
      4⤵
      PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
      4⤵
      PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
      4⤵
      PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
      4⤵
      PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
      4⤵
      PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5392.exe
      4⤵
      PID:5116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
    3⤵
    PID:896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
    3⤵
    PID:3316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
    3⤵
    PID:3716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
    3⤵
    PID:4676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
    3⤵
    PID:4740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1614.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
        6⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
        6⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39476.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
        6⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36796.exe
        5⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
        6⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14713.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
        5⤵
        
        PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        5⤵
        
        PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe
      4⤵
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
      4⤵
      PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60608.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17430.exe
        5⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
        5⤵
        
        PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
      4⤵
      PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
      4⤵
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
      4⤵
      PID:4868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
      4⤵
      PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
      4⤵
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
      4⤵
      PID:5056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
    3⤵
    PID:2512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
    3⤵
    PID:840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38423.exe
    3⤵
    PID:4580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1838.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        5⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
      4⤵
      PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
      4⤵
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
      4⤵
      PID:4904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        5⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26756.exe
        5⤵
        
        PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
      4⤵
      PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
      4⤵
      PID:4152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
    3⤵
    PID:2932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
    3⤵
    PID:924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24797.exe
    3⤵
    PID:692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
    3⤵
    PID:2244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
    3⤵
    PID:4976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55445.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55445.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12808.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe
      4⤵
      Executes dropped EXE
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        5⤵
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60650.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        5⤵
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
        5⤵
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
      4⤵
      PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
      4⤵
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
      4⤵
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
      4⤵
      PID:4828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8628.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:1920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15045.exe
    3⤵
    PID:3612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe
    3⤵
    PID:3772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49571.exe
    3⤵
    PID:3324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3586.exe
    3⤵
    PID:4264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62224.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
  2⤵
  PID:2164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10021.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10021.exe
  2⤵
  PID:3100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
  2⤵
  PID:3724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53112.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53112.exe
  2⤵
  PID:4652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
  2⤵
  PID:5080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe

Filesize
468KB

MD5
7d2dd803dd82ca83fb1221da13099385

SHA1
dd196c3342f78bd54cce1b13f3e1f770a05827ed

SHA256
4706506ae06e7fcdc67cceb39e0ecfa820d7330dbfe95be5183087774a611bf6

SHA512
6922be6841e184af8e305b2cdd27a15a5c616151a883aa0d48bb28e7124826f44b42f7c17869876628f5ef9e520cac584de3834336d999392d67bf53141dee9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe

Filesize
468KB

MD5
1ac7ac12986225929bd506543f80a330

SHA1
d52d02825cc889dc54b5ad9609ee424bf6b2b769

SHA256
986b9787270fca74a972d242f412a7e8e7dbeb94d548429d1f5f18ab2d8b4dbb

SHA512
59806883289cfd6e5ee1ae23a4dfa5823ea03adb04d1a3356bdde6124216115b1b57819bec3d7231237cb658df5c5912e06f8d0f1af9624124e8ef7a67b026fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe

Filesize
468KB

MD5
ebf8c69aaa57a65d3753e4976d227bf3

SHA1
7dd42bff92bf07e3d47a52227b33aca68c34330d

SHA256
83874816b3f6b18308d67fc8edccdf98faf545b832451f38b18157ad4622cf50

SHA512
7594b8722f2ef13db9c06c28ffae15e4f256fd13b0b5ab070a528abf6c2ae56d6b0c3074c4cafcccd49372ce95aeb75416d7b96ecbe8f49657288cda0c68d247

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe

Filesize
468KB

MD5
2c8f8b91ebab9202ff9da58b47f51c2d

SHA1
1b126d341b0a56b1f89858c76bb1a8768c76815b

SHA256
d3781a1d8794cec942b4a07e1e6205fa7163890b754bf950ce3dc5869d136109

SHA512
c8c9e6aedfb000ccf6b6e5425205968faeb13a36ecbc163f64cd646f376fc545283f983a84fa4e7b4403765fc24414c512cdea8ec2ce2783628a68b20a227b40

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1614.exe

Filesize
468KB

MD5
7c94ba09e3a66256935a2048632d18ba

SHA1
814f2daf3e390226b76dfb0f9716826c214180fd

SHA256
483126ad9f70e5f4f777e9eb9afbe53c681879d9fde23674cbc58900f5f5cb55

SHA512
775286e665a589153a42762398629678620500acd47076fe69ea993ff1dc84f3071dfc571aba070a634a38931d9a338f9cfdb4a8509e37b02edb4513ec4c6417

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe

Filesize
468KB

MD5
7abe16476271c0030fa2d3edc44aa75e

SHA1
123ba6b5ad87029810c175fea644498781c76b1b

SHA256
1274df4fb323fc1b18ce8c4062590e32e69b1e144f3759c539cbded1284a8997

SHA512
803195b6cb5c71ecf08455a8e06c289dc18d6660968b30b35f3d6c77995e6029f560596722b6d82f9745a1ce9cd4858d33514ae217948b80a0fff99dc13bf8dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25797.exe

Filesize
468KB

MD5
60b857126f0d812d4546257402dad320

SHA1
9920279a93df3160b06897bd632b6f3678d95fde

SHA256
9b37732948b6ec4ebd12c559ba1448a9c4044ab3a5a3757155b2c0be99458c77

SHA512
b7a7d44bd694382f02158b8314fee360470b5799e06bfee25cf04d189b7fb88f7e6186c8c85d01b509611a3cb137a1a2fc0d4523a8c849bef815910236cb4064

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe

Filesize
468KB

MD5
fc178df5e886bbf2eae5e107cc3f8c1a

SHA1
5009fd8ef3e30121fc50d0e45ea705ffb900b93d

SHA256
687df69d035b925c40ddd4129c9b30233ddebff1e0e009ae75fc750371a209a4

SHA512
c5746d81dcb7c2b2282bdb91739364375f47ac5c1d8f7f4228ec7fc562059ed6c93d0d9c3af7026ff4cb08e759c58af3d8fb146fddd9ab817557f471c22a8210

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe

Filesize
468KB

MD5
ac9225c227b3c0668aa7217347910390

SHA1
ee2d5fcdea0b4ab022dd63301430789979834f9f

SHA256
ef535e2b4ecfc2d109c2a62121b15e1e6cc967f76512d7e8e95333922ec7b977

SHA512
09df32722ea044a82e563c4fac2090dc8090860b7795296f38df9fbaa7bb3d44af688d1414bd0d786ba5cb2215e00612e14a7e896ec334b71780147b90184c10

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe

Filesize
468KB

MD5
43a5d4a12983c4dd3daa5884d4061410

SHA1
0c5e30e951038f9dd7033281c8cab8403fe563a4

SHA256
785416aec3ecedc8e89f0e1b16a0f5b25cd078f8f01ef08a21ab0f06fd2c041c

SHA512
a65afaf25b9a4caea1356fd3e55f80884ce3f6755df2817d7386491be1108124ffcfe07c894784b3ad8a3c5e91a1f97ac0aab4b1d2189604fc62acb841676b99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe

Filesize
468KB

MD5
f5a3e04a36b99ffe9c14cc68e54ba03a

SHA1
5157b23093823dbf62bb45766272c35daf14a15d

SHA256
279cbc29349557f8b715812f4a0e9cbfc9e0b1786399b201ef0c4aa703855d1c

SHA512
93cbac30a6b03684b23d705965e7d185cbf1f3cb45b2ffbe0b519189b4b5d0726147a9cdda2c637bc2411bd7ee137723ff4da43447295d20fa205e4538ae267d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe

Filesize
468KB

MD5
5cd0b6e8c7365849a5f75a8e3b1b97d6

SHA1
99cb4e02b84082c514f47347c7a512c5e7a41999

SHA256
8fd4940e7fe09503a4daf2f42b982b6db01a515ea79d83ecd6363b7adda97acb

SHA512
c4dde2bb324f57026a4fd6bd712d37008c553c8ae8277a54f682c3bf87329d7a08160d301eea9c80b9b1360cc1920ce50ef5d6f38e2c34f5b902eee88647b97b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe

Filesize
468KB

MD5
13a52a56b35b7ee87d10358a270210de

SHA1
208ebff5f7bbfc2d4653a8e2d18c8cf1514fa3af

SHA256
d8219b4bd0bdfda7e9f931ce4fb01cf7fb5d2fb21682f28f5909dd904495c051

SHA512
651a99cf81c24872815ba40c50b527d6af031ce16d485d13eac6ed745457ace4141025c1d042fc19bbc2bf6336130d87327d45b8a5cd1e7f9cf9c8049738deca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64579.exe

Filesize
468KB

MD5
3a3e122ae6c1b05ad2c9f5b054bca657

SHA1
1ed14c4e66e334d7334bcca7ad132819bc04c467

SHA256
438339b9278cd2e047b289a98990fc91886aa89208960ee93b3cad8a481c7adc

SHA512
8573d9e98057cd80e18b078ab703d99d1620502e913f6322a72b1999d51e7cc220554cf94c031b18b1374bd5cd725b5b8eebdb79e456aa740c4df0f5ea817259

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe

Filesize
468KB

MD5
eb77061dba4c514ab0906a0def8c6cf8

SHA1
627bebe1d7d4627ddb95c69599fbc6d8d04379dd

SHA256
c8290489b3158d139aecdf724eaccd1e07f591edae8ad2881a17c9e10bce513f

SHA512
3bf540e944aecfcbb9c6e349c94ec3f596893313a1403447dd49c456baeef5c99fcaf709ace21065ad12c6b6f4ebbfc0a3556f3a197f28b311b00712815e73aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe

Filesize
468KB

MD5
460923c8da217bd9131d5f0e39c5bf56

SHA1
bbb3632a4425bb08a9ee7d7460b18253650598dc

SHA256
1ef6da3e721766b614833b3c4526fee6190f0d9d9a9d37d64edc9a2987a23ea9

SHA512
956cf7bcc59f987aac1a47b60e2b95bbb33fa532ad210c3f69c4ab19f4f34b0e310c36471c5619261fabbefda632453414062ab0dc0da455cbecf517911e9b38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe

Filesize
468KB

MD5
d339afa8e274826fd51c21d3a854dc9c

SHA1
2288096ab107232d5dbd1566e292a6cf102f84e2

SHA256
d2893efc72933f52a24842d75296ee603cddce3e01f10eea8d03c006ef0f1aaa

SHA512
0e892c2a63b5b921f876627c7a2dbd1e308a3873f487825d24b10a9e88c3b324ff1c1a67f27b18296d032a96a156ac5eec89f2d484a530f1f271809b298b0072

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe

Filesize
468KB

MD5
24da130e6403e42c4fd6e0eb5cf46189

SHA1
eb9ac0d3c66de295df4cb2464b5058c076184ad9

SHA256
6bde538a45ff26ac622add04094a230bf217834ce75736a95b4c37b79240138e

SHA512
365ba9551cb3d2060ccd8abe96156180846147e30bb42be94eea35a7e69a9bc49b57096865dc17c99911da5513535142f88dc5bcc7dfd4fd6d231d76c0aa86bf

Download Submit