8b60db13bee34c5a5d173cf0caba75f5e0aee93f0283e24d1949ed5cd619a0a2

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

771a7ec934834fa9f151c33f5d216340N.exe
Size

468KB
MD5

771a7ec934834fa9f151c33f5d216340
SHA1

2fcdc74ff044b9f9dd7f2eee3c00db067cf001b5
SHA256

8b60db13bee34c5a5d173cf0caba75f5e0aee93f0283e24d1949ed5cd619a0a2
SHA512

42c469b492192c03d1d9ddc305b8e055d67cead55b9b05b7f9da97c19f6e584984851b4f700770b9ac01bf5967e567290c7c05191147cb797bc71fa16a5a1ad8
SSDEEP

3072:EHgiogIyb05BtbYtPzq5Qf8/ECObZnpsnmHhZEhae5tMaWyiHYEK:EH1ok8BtiP+5QfhphRe5SZyiH

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2760	Unicorn-7498.exe
440	Unicorn-15474.exe
556	Unicorn-47592.exe
2812	Unicorn-9548.exe
2840	Unicorn-15670.exe
2504	Unicorn-43290.exe
2676	Unicorn-22355.exe
2140	Unicorn-55023.exe
2776	Unicorn-18075.exe
1184	Unicorn-55578.exe
2328	Unicorn-30327.exe
1816	Unicorn-55718.exe
624	Unicorn-36117.exe
1224	Unicorn-49853.exe
1104	Unicorn-14950.exe
1072	Unicorn-22385.exe
1140	Unicorn-3671.exe
2856	Unicorn-27621.exe
2216	Unicorn-40043.exe
2116	Unicorn-63993.exe
1420	Unicorn-60878.exe
552	Unicorn-1471.exe
2500	Unicorn-1471.exe
2064	Unicorn-29681.exe
2364	Unicorn-38347.exe
2012	Unicorn-47849.exe
1508	Unicorn-47849.exe
1652	Unicorn-59032.exe
1936	Unicorn-17022.exe
2172	Unicorn-60656.exe
2272	Unicorn-47335.exe
980	Unicorn-16604.exe
284	Unicorn-37578.exe
2596	Unicorn-43739.exe
1544	Unicorn-52846.exe
976	Unicorn-65503.exe
2376	Unicorn-25025.exe
2772	Unicorn-4242.exe
2788	Unicorn-20579.exe
2964	Unicorn-713.exe
2984	Unicorn-23822.exe
2944	Unicorn-4221.exe
2680	Unicorn-24087.exe
2696	Unicorn-44507.exe
2724	Unicorn-16473.exe
2872	Unicorn-56759.exe
2388	Unicorn-52675.exe
2236	Unicorn-15845.exe
2740	Unicorn-54905.exe
2924	Unicorn-734.exe
2904	Unicorn-734.exe
968	Unicorn-734.exe
2668	Unicorn-734.exe
2928	Unicorn-60141.exe
2576	Unicorn-20193.exe
908	Unicorn-60333.exe
816	Unicorn-57533.exe
2088	Unicorn-62934.exe
2160	Unicorn-17263.exe
2164	Unicorn-49935.exe
2212	Unicorn-30069.exe
2440	Unicorn-14640.exe
1624	Unicorn-61850.exe
900	Unicorn-17288.exe

Loads dropped DLL 64 IoCs

pid	Process
1984	771a7ec934834fa9f151c33f5d216340N.exe
1984	771a7ec934834fa9f151c33f5d216340N.exe
1984	771a7ec934834fa9f151c33f5d216340N.exe
2760	Unicorn-7498.exe
1984	771a7ec934834fa9f151c33f5d216340N.exe
2760	Unicorn-7498.exe
440	Unicorn-15474.exe
440	Unicorn-15474.exe
1984	771a7ec934834fa9f151c33f5d216340N.exe
1984	771a7ec934834fa9f151c33f5d216340N.exe
556	Unicorn-47592.exe
556	Unicorn-47592.exe
2760	Unicorn-7498.exe
2760	Unicorn-7498.exe
2812	Unicorn-9548.exe
2812	Unicorn-9548.exe
440	Unicorn-15474.exe
440	Unicorn-15474.exe
2840	Unicorn-15670.exe
2840	Unicorn-15670.exe
2504	Unicorn-43290.exe
2504	Unicorn-43290.exe
1984	771a7ec934834fa9f151c33f5d216340N.exe
1984	771a7ec934834fa9f151c33f5d216340N.exe
2760	Unicorn-7498.exe
556	Unicorn-47592.exe
556	Unicorn-47592.exe
2760	Unicorn-7498.exe
2676	Unicorn-22355.exe
2676	Unicorn-22355.exe
2140	Unicorn-55023.exe
2140	Unicorn-55023.exe
2812	Unicorn-9548.exe
2776	Unicorn-18075.exe
2812	Unicorn-9548.exe
2776	Unicorn-18075.exe
2840	Unicorn-15670.exe
2840	Unicorn-15670.exe
624	Unicorn-36117.exe
624	Unicorn-36117.exe
556	Unicorn-47592.exe
556	Unicorn-47592.exe
1224	Unicorn-49853.exe
1816	Unicorn-55718.exe
1224	Unicorn-49853.exe
1816	Unicorn-55718.exe
1984	771a7ec934834fa9f151c33f5d216340N.exe
2760	Unicorn-7498.exe
1984	771a7ec934834fa9f151c33f5d216340N.exe
2760	Unicorn-7498.exe
1104	Unicorn-14950.exe
1184	Unicorn-55578.exe
1104	Unicorn-14950.exe
1184	Unicorn-55578.exe
2328	Unicorn-30327.exe
2328	Unicorn-30327.exe
440	Unicorn-15474.exe
440	Unicorn-15474.exe
2676	Unicorn-22355.exe
2676	Unicorn-22355.exe
2504	Unicorn-43290.exe
2504	Unicorn-43290.exe
1072	Unicorn-22385.exe
1072	Unicorn-22385.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2224	2252	WerFault.exe	94
2120	2956	WerFault.exe	104

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58316.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41943.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21693.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21693.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11563.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57071.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1984	771a7ec934834fa9f151c33f5d216340N.exe
2760	Unicorn-7498.exe
440	Unicorn-15474.exe
556	Unicorn-47592.exe
2840	Unicorn-15670.exe
2812	Unicorn-9548.exe
2504	Unicorn-43290.exe
2676	Unicorn-22355.exe
2140	Unicorn-55023.exe
2776	Unicorn-18075.exe
1224	Unicorn-49853.exe
1816	Unicorn-55718.exe
1184	Unicorn-55578.exe
624	Unicorn-36117.exe
2328	Unicorn-30327.exe
1104	Unicorn-14950.exe
1072	Unicorn-22385.exe
1140	Unicorn-3671.exe
2856	Unicorn-27621.exe
2216	Unicorn-40043.exe
2116	Unicorn-63993.exe
552	Unicorn-1471.exe
1420	Unicorn-60878.exe
2500	Unicorn-1471.exe
2064	Unicorn-29681.exe
2364	Unicorn-38347.exe
1508	Unicorn-47849.exe
2012	Unicorn-47849.exe
1652	Unicorn-59032.exe
1936	Unicorn-17022.exe
2172	Unicorn-60656.exe
2272	Unicorn-47335.exe
980	Unicorn-16604.exe
284	Unicorn-37578.exe
2596	Unicorn-43739.exe
1544	Unicorn-52846.exe
976	Unicorn-65503.exe
2376	Unicorn-25025.exe
2772	Unicorn-4242.exe
2788	Unicorn-20579.exe
2964	Unicorn-713.exe
2984	Unicorn-23822.exe
2680	Unicorn-24087.exe
2944	Unicorn-4221.exe
2696	Unicorn-44507.exe
2724	Unicorn-16473.exe
2872	Unicorn-56759.exe
2388	Unicorn-52675.exe
2236	Unicorn-15845.exe
2904	Unicorn-734.exe
2740	Unicorn-54905.exe
2924	Unicorn-734.exe
968	Unicorn-734.exe
2668	Unicorn-734.exe
2928	Unicorn-60141.exe
2576	Unicorn-20193.exe
908	Unicorn-60333.exe
816	Unicorn-57533.exe
2088	Unicorn-62934.exe
2160	Unicorn-17263.exe
2164	Unicorn-49935.exe
2212	Unicorn-30069.exe
2440	Unicorn-14640.exe
1624	Unicorn-61850.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2760	1984	771a7ec934834fa9f151c33f5d216340N.exe	30
PID 1984 wrote to memory of 2760	1984	771a7ec934834fa9f151c33f5d216340N.exe	30
PID 1984 wrote to memory of 2760	1984	771a7ec934834fa9f151c33f5d216340N.exe	30
PID 1984 wrote to memory of 2760	1984	771a7ec934834fa9f151c33f5d216340N.exe	30
PID 1984 wrote to memory of 440	1984	771a7ec934834fa9f151c33f5d216340N.exe	31
PID 1984 wrote to memory of 440	1984	771a7ec934834fa9f151c33f5d216340N.exe	31
PID 1984 wrote to memory of 440	1984	771a7ec934834fa9f151c33f5d216340N.exe	31
PID 1984 wrote to memory of 440	1984	771a7ec934834fa9f151c33f5d216340N.exe	31
PID 2760 wrote to memory of 556	2760	Unicorn-7498.exe	32
PID 2760 wrote to memory of 556	2760	Unicorn-7498.exe	32
PID 2760 wrote to memory of 556	2760	Unicorn-7498.exe	32
PID 2760 wrote to memory of 556	2760	Unicorn-7498.exe	32
PID 440 wrote to memory of 2812	440	Unicorn-15474.exe	33
PID 440 wrote to memory of 2812	440	Unicorn-15474.exe	33
PID 440 wrote to memory of 2812	440	Unicorn-15474.exe	33
PID 440 wrote to memory of 2812	440	Unicorn-15474.exe	33
PID 1984 wrote to memory of 2840	1984	771a7ec934834fa9f151c33f5d216340N.exe	34
PID 1984 wrote to memory of 2840	1984	771a7ec934834fa9f151c33f5d216340N.exe	34
PID 1984 wrote to memory of 2840	1984	771a7ec934834fa9f151c33f5d216340N.exe	34
PID 1984 wrote to memory of 2840	1984	771a7ec934834fa9f151c33f5d216340N.exe	34
PID 556 wrote to memory of 2504	556	Unicorn-47592.exe	35
PID 556 wrote to memory of 2504	556	Unicorn-47592.exe	35
PID 556 wrote to memory of 2504	556	Unicorn-47592.exe	35
PID 556 wrote to memory of 2504	556	Unicorn-47592.exe	35
PID 2760 wrote to memory of 2676	2760	Unicorn-7498.exe	36
PID 2760 wrote to memory of 2676	2760	Unicorn-7498.exe	36
PID 2760 wrote to memory of 2676	2760	Unicorn-7498.exe	36
PID 2760 wrote to memory of 2676	2760	Unicorn-7498.exe	36
PID 2812 wrote to memory of 2140	2812	Unicorn-9548.exe	37
PID 2812 wrote to memory of 2140	2812	Unicorn-9548.exe	37
PID 2812 wrote to memory of 2140	2812	Unicorn-9548.exe	37
PID 2812 wrote to memory of 2140	2812	Unicorn-9548.exe	37
PID 440 wrote to memory of 1184	440	Unicorn-15474.exe	38
PID 440 wrote to memory of 1184	440	Unicorn-15474.exe	38
PID 440 wrote to memory of 1184	440	Unicorn-15474.exe	38
PID 440 wrote to memory of 1184	440	Unicorn-15474.exe	38
PID 2840 wrote to memory of 2776	2840	Unicorn-15670.exe	39
PID 2840 wrote to memory of 2776	2840	Unicorn-15670.exe	39
PID 2840 wrote to memory of 2776	2840	Unicorn-15670.exe	39
PID 2840 wrote to memory of 2776	2840	Unicorn-15670.exe	39
PID 2504 wrote to memory of 2328	2504	Unicorn-43290.exe	40
PID 2504 wrote to memory of 2328	2504	Unicorn-43290.exe	40
PID 2504 wrote to memory of 2328	2504	Unicorn-43290.exe	40
PID 2504 wrote to memory of 2328	2504	Unicorn-43290.exe	40
PID 1984 wrote to memory of 1816	1984	771a7ec934834fa9f151c33f5d216340N.exe	41
PID 1984 wrote to memory of 1816	1984	771a7ec934834fa9f151c33f5d216340N.exe	41
PID 1984 wrote to memory of 1816	1984	771a7ec934834fa9f151c33f5d216340N.exe	41
PID 1984 wrote to memory of 1816	1984	771a7ec934834fa9f151c33f5d216340N.exe	41
PID 556 wrote to memory of 624	556	Unicorn-47592.exe	43
PID 556 wrote to memory of 624	556	Unicorn-47592.exe	43
PID 556 wrote to memory of 624	556	Unicorn-47592.exe	43
PID 556 wrote to memory of 624	556	Unicorn-47592.exe	43
PID 2760 wrote to memory of 1224	2760	Unicorn-7498.exe	42
PID 2760 wrote to memory of 1224	2760	Unicorn-7498.exe	42
PID 2760 wrote to memory of 1224	2760	Unicorn-7498.exe	42
PID 2760 wrote to memory of 1224	2760	Unicorn-7498.exe	42
PID 2676 wrote to memory of 1104	2676	Unicorn-22355.exe	44
PID 2676 wrote to memory of 1104	2676	Unicorn-22355.exe	44
PID 2676 wrote to memory of 1104	2676	Unicorn-22355.exe	44
PID 2676 wrote to memory of 1104	2676	Unicorn-22355.exe	44
PID 2140 wrote to memory of 1072	2140	Unicorn-55023.exe	45
PID 2140 wrote to memory of 1072	2140	Unicorn-55023.exe	45
PID 2140 wrote to memory of 1072	2140	Unicorn-55023.exe	45
PID 2140 wrote to memory of 1072	2140	Unicorn-55023.exe	45

C:\Users\Admin\AppData\Local\Temp\771a7ec934834fa9f151c33f5d216340N.exe
"C:\Users\Admin\AppData\Local\Temp\771a7ec934834fa9f151c33f5d216340N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43290.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59032.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59084.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
        9⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23074.exe
        7⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17544.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
        8⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22082.exe
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15379.exe
        7⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        7⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
        7⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16473.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        7⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        6⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47335.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        7⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46667.exe
        8⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        7⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        7⤵
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        6⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60141.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        7⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
        7⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31402.exe
        6⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9535.exe
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        6⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10263.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        5⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
        5⤵
        
        PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36117.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49982.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        8⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50588.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        7⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
        7⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe
        6⤵
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        6⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        7⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        7⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        6⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        6⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
        5⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41565.exe
        6⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        6⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
        5⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        5⤵
        
        PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52499.exe
        6⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        6⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3360.exe
        5⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17642.exe
        5⤵
        
        PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        5⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4305.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        5⤵
        
        PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
      4⤵
      PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
      4⤵
      PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
      4⤵
      PID:5788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47849.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63365.exe
        6⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
        7⤵
        Program crash
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        6⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56107.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        6⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
        6⤵
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        6⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        5⤵
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        5⤵
        
        PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
        5⤵
        
        PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60656.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        7⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
        5⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16336.exe
        6⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        5⤵
        
        PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30873.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        5⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
        5⤵
        
        PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
      4⤵
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
        5⤵
        
        PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
      4⤵
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
      4⤵
      PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
      4⤵
      PID:5492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65503.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62618.exe
        6⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        7⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        5⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35779.exe
        6⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        6⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34884.exe
        5⤵
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        5⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
        5⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        6⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        6⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38419.exe
        5⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
        5⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        5⤵
        
        PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
        5⤵
        
        PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
        5⤵
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
      4⤵
      PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24373.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31870.exe
      4⤵
      PID:1532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        5⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
        6⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32768.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        5⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
      4⤵
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16212.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42276.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
      4⤵
      PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
      4⤵
      PID:5640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe
      4⤵
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        5⤵
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13660.exe
        5⤵
        
        PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8347.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
      4⤵
      PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
      4⤵
      PID:5236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9882.exe
    3⤵
    PID:616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
      4⤵
      PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
      4⤵
      PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22077.exe
      4⤵
      PID:5708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33824.exe
    3⤵
    PID:1084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
    3⤵
    PID:4816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5597.exe
    3⤵
    PID:5516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
    3⤵
    PID:5480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55023.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61850.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
        8⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5363.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        7⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        7⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        6⤵
        Executes dropped EXE
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        8⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61890.exe
        6⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
        7⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37578.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        6⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        7⤵
        Program crash
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58565.exe
        6⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
        6⤵
        
        PID:372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6711.exe
        5⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        6⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        6⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        5⤵
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        5⤵
        
        PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
        6⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        7⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
        7⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62840.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        6⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43603.exe
        5⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
        6⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        6⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
        6⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        5⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40101.exe
        5⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
        5⤵
        
        PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60333.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51492.exe
        5⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
        6⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        6⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
        6⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        5⤵
        
        PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20104.exe
        5⤵
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
      4⤵
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57756.exe
      4⤵
      PID:5656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47849.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4756.exe
        6⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        7⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        6⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        6⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        6⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
        6⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36094.exe
        5⤵
        
        PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        5⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        5⤵
        
        PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
      4⤵
      PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
      4⤵
      PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
      4⤵
      PID:5312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62426.exe
        5⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        6⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
        5⤵
        
        PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
      4⤵
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        5⤵
        
        PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        5⤵
        
        PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
      4⤵
      PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
      4⤵
      PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
      4⤵
      PID:5152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51492.exe
      4⤵
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11601.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        5⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34732.exe
        5⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22077.exe
        5⤵
        
        PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
    3⤵
    PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
      4⤵
      PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34732.exe
      4⤵
      PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22077.exe
      4⤵
      PID:6136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
    3⤵
    PID:3628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55376.exe
    3⤵
    PID:4752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
    3⤵
    PID:5496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10813.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15670.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15670.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18075.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43739.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        7⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        7⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14875.exe
        6⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
        5⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
        5⤵
        
        PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52846.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        5⤵
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
        6⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        6⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
        5⤵
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        5⤵
        
        PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe
      4⤵
      PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31870.exe
      4⤵
      PID:4200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
        5⤵
        
        PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        5⤵
        
        PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
      4⤵
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41694.exe
        5⤵
        
        PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
      4⤵
      PID:5984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
      4⤵
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        5⤵
        
        PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
      4⤵
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58907.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
      4⤵
      PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
      4⤵
      PID:6080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
    3⤵
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
      4⤵
      PID:5276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46828.exe
    3⤵
    PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
    3⤵
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
    3⤵
    PID:5732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        5⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        6⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        6⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        6⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
        6⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        5⤵
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        5⤵
        
        PID:528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
      4⤵
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33065.exe
        5⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        5⤵
        
        PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
      4⤵
      PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-577.exe
      4⤵
      PID:5796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62934.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
      4⤵
      PID:264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
      4⤵
      PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
      4⤵
      PID:5956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
      4⤵
      PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46485.exe
      4⤵
      PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
      4⤵
      PID:5592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
    3⤵
    PID:3596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6714.exe
    3⤵
    PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15397.exe
    3⤵
    PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
    3⤵
    PID:5756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
      4⤵
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39379.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
        5⤵
        
        PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27558.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
      4⤵
      PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
      4⤵
      PID:5752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
      4⤵
      PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
      4⤵
      PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
      4⤵
      PID:2128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
    3⤵
    PID:1904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
    3⤵
    PID:3764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
    3⤵
    PID:4628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62222.exe
    3⤵
    PID:5600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
    3⤵
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38825.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
      4⤵
      PID:4260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
    3⤵
    PID:2060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
    3⤵
    PID:3700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
    3⤵
    PID:4856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
    3⤵
    PID:5624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
  2⤵
  PID:864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
    3⤵
    PID:4392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30873.exe
    3⤵
    PID:5952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30679.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30679.exe
  2⤵
  PID:4092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28510.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28510.exe
  2⤵
  PID:4744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
  2⤵
  PID:5460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15670.exe

Filesize
468KB

MD5
dfa30fa227e23c2f348597d37495599d

SHA1
ddf80d332d0afea1b2907b6989bd246065c99ad2

SHA256
e18c04f11aaabac92fb93d3a538ed320e85e8dc8b4622b81010a1112bdfe07b6

SHA512
126c371724f338839c9cfa38cf5b693d0104ee5a67c75b9314683408b131f04a9666b09b60a206314629746cf499ac7c7ab7f411f7382d651d78177afad95bfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18075.exe

Filesize
468KB

MD5
5b176ad2ada98cf5b09ede5a60888301

SHA1
f5e7699478d133ce63f1e4e4ceff77a95463228b

SHA256
ea1cd88343722ca1948a3773c16040330cdc9c10ae7575e912c8669aeb2f963f

SHA512
f7fe5d9c35ee9278b779311feec3b9384f5a21a65155a257cd5a08761575b73f6e6909522064a7b849fcc6b62ba0ead3722350ccbe79cf40a0a722b2983fecef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39379.exe

Filesize
468KB

MD5
b129f65c7883f6162579b4fe8c0c4de8

SHA1
065bad0f9b534089ca0daf6d782df6df74c87e16

SHA256
ca55a781ecd42fb73b6ff4009831dbae9398fa7e02ea1c13977da22265e6e686

SHA512
dd3a3e5c89ff647862ecb836e6962d3d8176bfaeb7440a85d7dd92a147454e4b9d5f881e8f1e9e502dd400a5fee80c7f5017949ae443208f891cb4e3f9b67848

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe

Filesize
468KB

MD5
f66da903106879517387fb5f280c61cf

SHA1
de68c9512527e7b9ca3810014e6574c12a6614c0

SHA256
63812703904a7ccebc00fb5568dd97e067d5e1dd11c243eb0c3057070e68a3d4

SHA512
dc0c136fd8f3813a9c5979e4ff7590b9da38a8584e650051ff668179daf096e7850fb8a69c9ce7109fb3be70a92c3b37080c3a1f7d88a63c30a2d087bd194d9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe

Filesize
468KB

MD5
d074b6f127723ab313084e69b0339b0c

SHA1
37b0a42d4334517eb4fe8d311931843efb046d08

SHA256
2759c2f1cf6e208a2876541b360de6c755eaed018ebe9e0a262b81f5091423bd

SHA512
d6699b9c1b38c7d581ab162d8f944024e9854878df24e66c11d8f85dfdf471d6da982a7d4246975d25c9bd083e039bf9becd884d1a9edee4b18862e038e22d8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe

Filesize
468KB

MD5
71f76652013870ad48cdd0641db4f88a

SHA1
aca6a55ab6a3df2992bc580f2af27be4c6bd2dc9

SHA256
a235e1a06deb97e7c14195405970cf4997e8d06869c6cae992a9a94acf383ab3

SHA512
2dfdd48fdb564ea6fb2eda49071416939af507dc7a44e22418202154bbf62e6d25b191b7905a517f3be8505b00d96c53cff288f743b29327e4594d056613ff4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe

Filesize
468KB

MD5
7ad0a2347dd65ecf6e14cb7fb2a8895a

SHA1
39b5189a1e7c47371aacf248327e1c5e91b02138

SHA256
d814c4e9e76ed8456f5949db4afec60fdadc2e9c9430a1e9028871d05a587eb0

SHA512
2db8f05698f9692f0908f0ad5f88db5b8daffacb49f57386b4e1edca359a0f4aa4fed93fba7e30073069515b6b98140a14af0ac7769dbb42ac2401f9984de47b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe

Filesize
468KB

MD5
5706f17ee96c9f326ca5d6910ea213ca

SHA1
94831e356ed7c4a72a455354612c5ad53f21365f

SHA256
1ba4113bfc1499cbec4a5618362728c1788c17565af9b1d4fd2c86d5da091ed5

SHA512
5ca9de77dba3f8400d906fa3f4612bd9a9ce14e3e4efa6cd680aa3d7c927256917d02d6ca7b50644b83207c1189b1f15974be2f58a1cc23c74a1365398b036c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe

Filesize
468KB

MD5
77c01fa13abdbaa0812baf589feda7a9

SHA1
47344d545e024f91947233fee89f828e743a9899

SHA256
bb8274ce3639675c4b42162889706ed302634c193421ebd4d9310e5a9dcdb1cc

SHA512
2a044c2bf853788254b9719834494a2a6622027960fa98fefe37b93dc613ae2bad156e31e448a273ddc8d9c41913ee57f0d5388d033a28ca830d890dc5893cfa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe

Filesize
468KB

MD5
7f5c92c342ab0cf9034aabeda6f3d7af

SHA1
eea3b639bae27295f6bab78e3600136a926355fd

SHA256
2866dac60a158358e6793ef639f7f5b355d27654c871c13043962d5b39c64f15

SHA512
f74c38d728d915cf555ee0ed9e38cfd783eba8a5b6c29d25ef2125d1a6ee5264d5b298263ad97e620aaf6d72c2982df2004a80f1d3858a6d009a397af5d9a10a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36117.exe

Filesize
468KB

MD5
3caf5ddd2944cb7dfe5dd70db78a318b

SHA1
b91f3fa0077bae6fff7cc03499e497401f648994

SHA256
fe242e5235e5e9c61e785118a4c61e588024796a6314b868d5e7ee51ad35aad9

SHA512
79e22507ba02c99c825020727a678699c84647b7dbd847058c71e1dd77a6f3ca4467644c80117390704a88d601bc959a3e1af16389b7e04723a0748f5a96fae1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe

Filesize
468KB

MD5
7e17e5424cdf795aa10f2c7d4b608f57

SHA1
d6a4318363e0101ae37ad87a5f487f97e9cc17c3

SHA256
f6bb5f46abd9c111417e72cf6bdbba93099eff10829663faf8ec74cbda5b0121

SHA512
a13d8e3ca8bc4eb2299dd0dbde33723c5b722a75933751f4cef1e27abe7d76ed086f0c4cee18cd6bbe9cc8668fdbf0d8b54342cfb9ff5c786f1407b9cc781b42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43290.exe

Filesize
468KB

MD5
84afb33d768154c8b10f412ad37e3d8f

SHA1
128e17e2b1229e4608a5de681215a07bbce7e71d

SHA256
f8c3831e8be03f7ccf64f3c757b36332a60303aa700e86d44c4d40b458e6caea

SHA512
bf4169bbf118ccb31cdc7e928b6ff1ad555c6d4d5ab5e03feca32bcfebf9d7d75870c8650ef9ff430de7927ba33ed16766ec8b0b9548961982ccd66561765448

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe

Filesize
468KB

MD5
eebb9f313c0b4e9a310eeaa99ab4aee2

SHA1
798eec2abc16fc3a8e6ef9c39389f6cbab338088

SHA256
2a85a8cf7ba48a8d11cf26a223b971db8f608d707c4659954f142ce96402cd45

SHA512
0f33a4461856687e77ad4d6608f0f40515d9d8f235501976e88c16ed7a97be77064ebe5cfcd61f566ff455384fb6ecf288b4d8c0c1e15abfe63eb76df029c1b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe

Filesize
468KB

MD5
ec46731a7ff06dd3070380f151f3c451

SHA1
435355720162f80c0bdbfa375bb69f4c856314b0

SHA256
6a6bebfa9ed501603c5c5713595100675f69785278c57ce86fda842910f7da61

SHA512
07186deea4ac9726257dc683615fc774cee8dd17da5a6d7b0f7830ac16dfb4e032f98200bffcd5903c4dd31bfecfdb0b38c97989caa5ac6bbf8a065564ae4df2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55023.exe

Filesize
468KB

MD5
cd708feabef0e3d6ac90951bafec64ab

SHA1
be387ade660e27c555290292bc9a9e813591438b

SHA256
5faefb7fbd70574ceea1e59d651784b3d6b512201d1212b98248867deb8aedcd

SHA512
8d3b3f55d69e63347e68f69dc22bdfb227311fcfdb14ffd0dfcb9ed8293dffa0659f5d27b4b654d566be908aabeea3249dc99d47ca2b5055b4fb8ac2ffde0918

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe

Filesize
468KB

MD5
45725081bdeeb82d2fee039ba6670d15

SHA1
f14f60ff629ffac0a169f995e805115216040f33

SHA256
243c3a3a8a05ca02bd0dfa258e2e3e67fb95cee60efcc35d19b8f80781ba9099

SHA512
20cc014594faa24bc3558a52b2380ad6addba1a6d1d657ec20ecf09df435dfe972cf1b8da5c7b64cfaf4ae2e94a287d66b435775aed82b622c4228a51d6725d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe

Filesize
468KB

MD5
8c92bec745aadc4ba78bce07b693d5f8

SHA1
cd1cf00ac7e18dfde695189aaaf15eea075d0e90

SHA256
bc69f25555186a55d638027d8bb5c8daf75007c0e782604561b675dee8e9c753

SHA512
68ab2e59b50b0a515023435648af6e41ac71396095a06e9c346d7f395c01ac3098edc005265518fd252c51e73d9e479106fe78cb5ebd8ff4421aa943d7cf973e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe

Filesize
468KB

MD5
92539b080dfec5751cbd14bee99f06ed

SHA1
e0950fb83f2f4fe1a408f93364a53d95bff9e549

SHA256
4e7166e366b7cc2b26371f2c2c362220bb285509e6ce298e3d36f21c44d04344

SHA512
c7a3ccdd530a5ca31c67cd9ede2f199a8e36ac0198eb84b88850bc9bc9aceccf5616008f9bd2063872092985dd460c7683e6dfd5e669b6c08bc660a17f70b488

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe

Filesize
468KB

MD5
7368e72b46bc03103bc2ac95cf271188

SHA1
7509597c18a578598f1479d79ea639a9aef6c8f7

SHA256
595ca583538bf87808f5016abd1a2a082c2c90938fc69ab8a98e4b62456ec295

SHA512
a085ed488264dfa32ce29d6bb053e5f91ce0fd0bf6d96efb26b3311b586a055f674091d62daab1aabcd3c2b4747b926fb3126afbd85399d0fec20438bea92d83

Download Submit