7f1e7f2f7aa27ad57629c4c12792a870bbb13801f45a413d67911f155bd9bbb2

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa637489cb726d92017a7201d6769a10N.exe
Size

468KB
MD5

fa637489cb726d92017a7201d6769a10
SHA1

a290d85d31cec1af91ff45f0b3fb927c861ba93a
SHA256

7f1e7f2f7aa27ad57629c4c12792a870bbb13801f45a413d67911f155bd9bbb2
SHA512

4ea56bb7b23a43321d85e5bd94339dc9771078f18e7211d38a12fe4182b68878c4dbdf05149ec3c54a9e8af90d6096725580fa36dce3a0241bbeaf46c9b7cb28
SSDEEP

3072:RnuTogIKI05GMbYPHz4OcfJ/zChsP0EwnLHewVPv7pQLyz5g/tlf:RnyoD8GMkHcOcfXNxs7pag5g/

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3052	Unicorn-20629.exe
2260	Unicorn-33518.exe
2264	Unicorn-63690.exe
2756	Unicorn-10488.exe
2932	Unicorn-27492.exe
2296	Unicorn-15703.exe
2616	Unicorn-4842.exe
2920	Unicorn-49129.exe
2604	Unicorn-47546.exe
2536	Unicorn-38631.exe
1984	Unicorn-35215.exe
2688	Unicorn-6534.exe
2820	Unicorn-41957.exe
2608	Unicorn-24817.exe
2860	Unicorn-22356.exe
1932	Unicorn-38906.exe
2392	Unicorn-31292.exe
2156	Unicorn-12071.exe
1780	Unicorn-4379.exe
2208	Unicorn-8947.exe
2036	Unicorn-58703.exe
2456	Unicorn-35590.exe
2512	Unicorn-12269.exe
2404	Unicorn-41620.exe
1464	Unicorn-54427.exe
1604	Unicorn-25860.exe
932	Unicorn-25595.exe
904	Unicorn-5339.exe
1372	Unicorn-8838.exe
1000	Unicorn-49771.exe
2080	Unicorn-10784.exe
1032	Unicorn-3171.exe
1556	Unicorn-8646.exe
2172	Unicorn-44012.exe
2216	Unicorn-15060.exe
2908	Unicorn-48236.exe
2768	Unicorn-60753.exe
2320	Unicorn-17674.exe
2644	Unicorn-31781.exe
2924	Unicorn-31781.exe
2668	Unicorn-46747.exe
1264	Unicorn-26881.exe
2788	Unicorn-26881.exe
2636	Unicorn-30310.exe
656	Unicorn-30219.exe
1668	Unicorn-50639.exe
2864	Unicorn-12299.exe
2336	Unicorn-59061.exe
2964	Unicorn-22627.exe
2812	Unicorn-41713.exe
2720	Unicorn-41978.exe
1452	Unicorn-53269.exe
108	Unicorn-48008.exe
568	Unicorn-56176.exe
1772	Unicorn-17836.exe
2412	Unicorn-24442.exe
2420	Unicorn-35377.exe
2148	Unicorn-44308.exe
2212	Unicorn-64728.exe
1136	Unicorn-59274.exe
1608	Unicorn-44884.exe
336	Unicorn-514.exe
2428	Unicorn-13965.exe
1956	Unicorn-28910.exe

Loads dropped DLL 64 IoCs

pid	Process
2224	fa637489cb726d92017a7201d6769a10N.exe
2224	fa637489cb726d92017a7201d6769a10N.exe
2224	fa637489cb726d92017a7201d6769a10N.exe
3052	Unicorn-20629.exe
2224	fa637489cb726d92017a7201d6769a10N.exe
3052	Unicorn-20629.exe
2260	Unicorn-33518.exe
2260	Unicorn-33518.exe
2224	fa637489cb726d92017a7201d6769a10N.exe
2224	fa637489cb726d92017a7201d6769a10N.exe
3052	Unicorn-20629.exe
3052	Unicorn-20629.exe
2264	Unicorn-63690.exe
2264	Unicorn-63690.exe
2756	Unicorn-10488.exe
2756	Unicorn-10488.exe
2260	Unicorn-33518.exe
2260	Unicorn-33518.exe
2296	Unicorn-15703.exe
2296	Unicorn-15703.exe
3052	Unicorn-20629.exe
3052	Unicorn-20629.exe
2932	Unicorn-27492.exe
2932	Unicorn-27492.exe
2224	fa637489cb726d92017a7201d6769a10N.exe
2616	Unicorn-4842.exe
2224	fa637489cb726d92017a7201d6769a10N.exe
2264	Unicorn-63690.exe
2616	Unicorn-4842.exe
2264	Unicorn-63690.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2920	Unicorn-49129.exe
2920	Unicorn-49129.exe
2756	Unicorn-10488.exe
2756	Unicorn-10488.exe
2832	WerFault.exe
2604	Unicorn-47546.exe
2604	Unicorn-47546.exe
2260	Unicorn-33518.exe
2260	Unicorn-33518.exe
2536	Unicorn-38631.exe
2296	Unicorn-15703.exe
2536	Unicorn-38631.exe
2296	Unicorn-15703.exe
2820	Unicorn-41957.exe
2820	Unicorn-41957.exe
2224	fa637489cb726d92017a7201d6769a10N.exe
2224	fa637489cb726d92017a7201d6769a10N.exe
2688	Unicorn-6534.exe
2688	Unicorn-6534.exe
2932	Unicorn-27492.exe
2932	Unicorn-27492.exe
3052	Unicorn-20629.exe
2860	Unicorn-22356.exe
3052	Unicorn-20629.exe
2860	Unicorn-22356.exe
2264	Unicorn-63690.exe
2264	Unicorn-63690.exe
2392	Unicorn-31292.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2832	2608	WerFault.exe	42
2816	1956	WerFault.exe	93

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1830.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2224	fa637489cb726d92017a7201d6769a10N.exe
3052	Unicorn-20629.exe
2260	Unicorn-33518.exe
2264	Unicorn-63690.exe
2756	Unicorn-10488.exe
2932	Unicorn-27492.exe
2296	Unicorn-15703.exe
2616	Unicorn-4842.exe
2920	Unicorn-49129.exe
2604	Unicorn-47546.exe
2536	Unicorn-38631.exe
1984	Unicorn-35215.exe
2688	Unicorn-6534.exe
2860	Unicorn-22356.exe
2608	Unicorn-24817.exe
2820	Unicorn-41957.exe
1932	Unicorn-38906.exe
2392	Unicorn-31292.exe
2156	Unicorn-12071.exe
1780	Unicorn-4379.exe
2208	Unicorn-8947.exe
2456	Unicorn-35590.exe
2036	Unicorn-58703.exe
1464	Unicorn-54427.exe
2512	Unicorn-12269.exe
932	Unicorn-25595.exe
1604	Unicorn-25860.exe
2404	Unicorn-41620.exe
904	Unicorn-5339.exe
1372	Unicorn-8838.exe
2080	Unicorn-10784.exe
1000	Unicorn-49771.exe
1032	Unicorn-3171.exe
1556	Unicorn-8646.exe
2172	Unicorn-44012.exe
2216	Unicorn-15060.exe
2768	Unicorn-60753.exe
2908	Unicorn-48236.exe
2320	Unicorn-17674.exe
2924	Unicorn-31781.exe
2636	Unicorn-30310.exe
2788	Unicorn-26881.exe
2668	Unicorn-46747.exe
1264	Unicorn-26881.exe
1668	Unicorn-50639.exe
2864	Unicorn-12299.exe
656	Unicorn-30219.exe
2336	Unicorn-59061.exe
2812	Unicorn-41713.exe
2964	Unicorn-22627.exe
2720	Unicorn-41978.exe
108	Unicorn-48008.exe
1452	Unicorn-53269.exe
568	Unicorn-56176.exe
2420	Unicorn-35377.exe
2148	Unicorn-44308.exe
2412	Unicorn-24442.exe
1772	Unicorn-17836.exe
1136	Unicorn-59274.exe
336	Unicorn-514.exe
2212	Unicorn-64728.exe
1608	Unicorn-44884.exe
2428	Unicorn-13965.exe
948	Unicorn-40343.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 3052	2224	fa637489cb726d92017a7201d6769a10N.exe	29
PID 2224 wrote to memory of 3052	2224	fa637489cb726d92017a7201d6769a10N.exe	29
PID 2224 wrote to memory of 3052	2224	fa637489cb726d92017a7201d6769a10N.exe	29
PID 2224 wrote to memory of 3052	2224	fa637489cb726d92017a7201d6769a10N.exe	29
PID 2224 wrote to memory of 2260	2224	fa637489cb726d92017a7201d6769a10N.exe	30
PID 2224 wrote to memory of 2260	2224	fa637489cb726d92017a7201d6769a10N.exe	30
PID 2224 wrote to memory of 2260	2224	fa637489cb726d92017a7201d6769a10N.exe	30
PID 2224 wrote to memory of 2260	2224	fa637489cb726d92017a7201d6769a10N.exe	30
PID 3052 wrote to memory of 2264	3052	Unicorn-20629.exe	31
PID 3052 wrote to memory of 2264	3052	Unicorn-20629.exe	31
PID 3052 wrote to memory of 2264	3052	Unicorn-20629.exe	31
PID 3052 wrote to memory of 2264	3052	Unicorn-20629.exe	31
PID 2260 wrote to memory of 2756	2260	Unicorn-33518.exe	32
PID 2260 wrote to memory of 2756	2260	Unicorn-33518.exe	32
PID 2260 wrote to memory of 2756	2260	Unicorn-33518.exe	32
PID 2260 wrote to memory of 2756	2260	Unicorn-33518.exe	32
PID 2224 wrote to memory of 2932	2224	fa637489cb726d92017a7201d6769a10N.exe	33
PID 2224 wrote to memory of 2932	2224	fa637489cb726d92017a7201d6769a10N.exe	33
PID 2224 wrote to memory of 2932	2224	fa637489cb726d92017a7201d6769a10N.exe	33
PID 2224 wrote to memory of 2932	2224	fa637489cb726d92017a7201d6769a10N.exe	33
PID 3052 wrote to memory of 2296	3052	Unicorn-20629.exe	34
PID 3052 wrote to memory of 2296	3052	Unicorn-20629.exe	34
PID 3052 wrote to memory of 2296	3052	Unicorn-20629.exe	34
PID 3052 wrote to memory of 2296	3052	Unicorn-20629.exe	34
PID 2264 wrote to memory of 2616	2264	Unicorn-63690.exe	35
PID 2264 wrote to memory of 2616	2264	Unicorn-63690.exe	35
PID 2264 wrote to memory of 2616	2264	Unicorn-63690.exe	35
PID 2264 wrote to memory of 2616	2264	Unicorn-63690.exe	35
PID 2756 wrote to memory of 2920	2756	Unicorn-10488.exe	36
PID 2756 wrote to memory of 2920	2756	Unicorn-10488.exe	36
PID 2756 wrote to memory of 2920	2756	Unicorn-10488.exe	36
PID 2756 wrote to memory of 2920	2756	Unicorn-10488.exe	36
PID 2260 wrote to memory of 2604	2260	Unicorn-33518.exe	37
PID 2260 wrote to memory of 2604	2260	Unicorn-33518.exe	37
PID 2260 wrote to memory of 2604	2260	Unicorn-33518.exe	37
PID 2260 wrote to memory of 2604	2260	Unicorn-33518.exe	37
PID 2296 wrote to memory of 2536	2296	Unicorn-15703.exe	38
PID 2296 wrote to memory of 2536	2296	Unicorn-15703.exe	38
PID 2296 wrote to memory of 2536	2296	Unicorn-15703.exe	38
PID 2296 wrote to memory of 2536	2296	Unicorn-15703.exe	38
PID 3052 wrote to memory of 1984	3052	Unicorn-20629.exe	39
PID 3052 wrote to memory of 1984	3052	Unicorn-20629.exe	39
PID 3052 wrote to memory of 1984	3052	Unicorn-20629.exe	39
PID 3052 wrote to memory of 1984	3052	Unicorn-20629.exe	39
PID 2932 wrote to memory of 2688	2932	Unicorn-27492.exe	40
PID 2932 wrote to memory of 2688	2932	Unicorn-27492.exe	40
PID 2932 wrote to memory of 2688	2932	Unicorn-27492.exe	40
PID 2932 wrote to memory of 2688	2932	Unicorn-27492.exe	40
PID 2224 wrote to memory of 2820	2224	fa637489cb726d92017a7201d6769a10N.exe	41
PID 2224 wrote to memory of 2820	2224	fa637489cb726d92017a7201d6769a10N.exe	41
PID 2224 wrote to memory of 2820	2224	fa637489cb726d92017a7201d6769a10N.exe	41
PID 2224 wrote to memory of 2820	2224	fa637489cb726d92017a7201d6769a10N.exe	41
PID 2616 wrote to memory of 2608	2616	Unicorn-4842.exe	42
PID 2616 wrote to memory of 2608	2616	Unicorn-4842.exe	42
PID 2616 wrote to memory of 2608	2616	Unicorn-4842.exe	42
PID 2616 wrote to memory of 2608	2616	Unicorn-4842.exe	42
PID 2264 wrote to memory of 2860	2264	Unicorn-63690.exe	43
PID 2264 wrote to memory of 2860	2264	Unicorn-63690.exe	43
PID 2264 wrote to memory of 2860	2264	Unicorn-63690.exe	43
PID 2264 wrote to memory of 2860	2264	Unicorn-63690.exe	43
PID 2608 wrote to memory of 2832	2608	Unicorn-24817.exe	44
PID 2608 wrote to memory of 2832	2608	Unicorn-24817.exe	44
PID 2608 wrote to memory of 2832	2608	Unicorn-24817.exe	44
PID 2608 wrote to memory of 2832	2608	Unicorn-24817.exe	44

C:\Users\Admin\AppData\Local\Temp\fa637489cb726d92017a7201d6769a10N.exe
"C:\Users\Admin\AppData\Local\Temp\fa637489cb726d92017a7201d6769a10N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 200
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58615.exe
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        6⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
        6⤵
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        5⤵
        
        PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        5⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
        5⤵
        
        PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        7⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22625.exe
        6⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1830.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17844.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        6⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17836.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        6⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22625.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        6⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        5⤵
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
        5⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33870.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        5⤵
        
        PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22627.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
        6⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61352.exe
        6⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        5⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3139.exe
        5⤵
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        5⤵
        
        PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61352.exe
        5⤵
        
        PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29534.exe
      4⤵
      PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
      4⤵
      PID:612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
      4⤵
      PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
      4⤵
      PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
      4⤵
      PID:5032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        6⤵
        Executes dropped EXE
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
        6⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
        6⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12542.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        6⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        5⤵
        
        PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        5⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
        5⤵
        
        PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30165.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6476.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
        6⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33870.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
        5⤵
        
        PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30310.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46353.exe
        5⤵
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        5⤵
        
        PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
      4⤵
      PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24376.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20856.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29444.exe
        5⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        5⤵
        
        PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
      4⤵
      PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45926.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
      4⤵
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
      4⤵
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
      4⤵
      PID:4984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35377.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
      4⤵
      PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47134.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
      4⤵
      PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
      4⤵
      PID:4184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
    3⤵
    PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51082.exe
    3⤵
    PID:688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
    3⤵
    PID:3916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
    3⤵
    PID:3292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
    3⤵
    PID:4276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58073.exe
    3⤵
    PID:4168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38906.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8646.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        8⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55932.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30165.exe
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        7⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        7⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-514.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
        7⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        6⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23779.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33870.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        6⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44012.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
        7⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62283.exe
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
        7⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        6⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
        6⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
        6⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53383.exe
        5⤵
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
        5⤵
        
        PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        7⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8594.exe
        6⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3139.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
        6⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46550.exe
        6⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        6⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23502.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
        6⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40420.exe
        5⤵
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        5⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
        5⤵
        
        PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        5⤵
        
        PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        5⤵
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
        5⤵
        
        PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
      4⤵
      PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
      4⤵
      PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53389.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48189.exe
      4⤵
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59050.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30219.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1350.exe
        7⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44972.exe
        7⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
        7⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        6⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22625.exe
        6⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1830.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7742.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62961.exe
        6⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        6⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        6⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
        5⤵
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2782.exe
        5⤵
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33870.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20859.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe
        5⤵
        
        PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13965.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        6⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
        6⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14240.exe
        5⤵
        
        PID:532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
        5⤵
        
        PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35738.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
        5⤵
        
        PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        5⤵
        
        PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47270.exe
      4⤵
      PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
      4⤵
      PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
      4⤵
      PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
      4⤵
      PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52142.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        6⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55932.exe
        5⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        5⤵
        
        PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        5⤵
        
        PID:620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
        5⤵
        Program crash
        
        PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
      4⤵
      PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
      4⤵
      PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33870.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
      4⤵
      PID:4864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48236.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27500.exe
      4⤵
      PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe
      4⤵
      PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
      4⤵
      PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24258.exe
      4⤵
      PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
      4⤵
      PID:4656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26545.exe
    3⤵
    PID:1036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
    3⤵
    PID:2220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
    3⤵
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
    3⤵
    PID:4896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38107.exe
        6⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        6⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47134.exe
        6⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        6⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
        5⤵
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        5⤵
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        5⤵
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28816.exe
        5⤵
        
        PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20466.exe
      4⤵
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
      4⤵
      PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
      4⤵
      PID:4988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60753.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        5⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        6⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        6⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
        5⤵
        
        PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
        5⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
      4⤵
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
      4⤵
      PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
      4⤵
      PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
      4⤵
      PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59274.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        5⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        5⤵
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        5⤵
        
        PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32823.exe
      4⤵
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38962.exe
      4⤵
      PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1830.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
      4⤵
      PID:4500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1241.exe
      4⤵
      PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
      4⤵
      PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6476.exe
      4⤵
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
    3⤵
    PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
    3⤵
    PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
    3⤵
    PID:3268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
    3⤵
    PID:4616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27533.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51073.exe
        5⤵
        
        PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16378.exe
      4⤵
      PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
      4⤵
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
      4⤵
      PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
      4⤵
      PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
      4⤵
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
    3⤵
    PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27072.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12269.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12269.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23259.exe
      4⤵
      PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30165.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6476.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
      4⤵
      PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
    3⤵
    PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62380.exe
    3⤵
    PID:3188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61359.exe
    3⤵
    PID:3324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
    3⤵
    PID:4772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11739.exe
    3⤵
    PID:2460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
    3⤵
    PID:1988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42536.exe
    3⤵
    PID:3892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe
    3⤵
    PID:3696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1560.exe
    3⤵
    PID:4744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
  2⤵
  PID:2656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3376.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3376.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
  2⤵
  PID:3212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
  2⤵
  PID:3340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe

Filesize
468KB

MD5
50d11c458520aaa3b04383c315dc7c81

SHA1
fd748e4516b855ef6d7f460a7b4cd1079b583e0b

SHA256
ed7b6cd7625e05cda4e6d13d1e8397413fa6cecb7ad7c7999409102d4aed754b

SHA512
0f0d9433ff564b51d1c36fe54eca76f86f500fdbaa8c1e2e25e999cf5179b7510126399697b8a66b6f84920ad51d63349d6c2472fd9a286ad00a460c00dffdff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe

Filesize
468KB

MD5
b1b12379f681e11ed6d373d9fdf661e7

SHA1
800f2bb5e26cb4690ce42402bfb6c59bc8e4e913

SHA256
3e78b0f5275a3e7bd73d30dc5b6b231723b8b315997fb191d9e0ae36a6a55570

SHA512
ca4771b44edbb4d21e8b4eae93e82b9892bc4cc96e40fc56e9d5249f6dc6eaa72388a4a0e931c72269e6cb1e6a3db387ef48255334b0813c5f290eb86da88645

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe

Filesize
468KB

MD5
d8536376740608f2ff4adcd214468c5c

SHA1
0817f0ea33d73c3abc189cdcd5701dce3f644b87

SHA256
b662be8a299ce0e2f779362dc097a750bfc3c13d71a5c206f7336dcb792b51b8

SHA512
7e154bc3bab4ca0b9d04fca9aa13eda1a1598c9a5534be343d5b045d31fa79fed4db21eebc8c6e537004bc1b4297382e4e9a122a213b5b6b17a63186924d6591

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe

Filesize
468KB

MD5
417a65d28ab448ce0ccdeb9b008c815e

SHA1
20acc334170df3ce260b80bd23a46c11ad8bd734

SHA256
a7e0c635207e3cb2cd5d7ba790aad35a1cd146f8cbdfeb0ace72d049e1e8b55e

SHA512
56b3c617586f6f8c53aaa2671fd8ebd5f2e0329643ac6e486969ca8f7996a75fc2f41f274f561368f14e56ea36237320835cf94b20f475f8b01972ff389ab1fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe

Filesize
468KB

MD5
a611d260f609b25fbdb7f2ce6370aa94

SHA1
60c54480e1b772a2355d9708078f2cc6da8e99d9

SHA256
6b574c1571c1feed686cc96ea22b93a27dc9309c68dc179370719634175f7992

SHA512
9099e078a1c4689f78e54c398f3b08703a78049869dcc6cb4be147b167e4f9d862b2f1e6cf7aeabcb179db5dc58e3fdf9be0399bc96f3703196165866c0b254a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe

Filesize
468KB

MD5
178f84e4510c1341469449787a8e4233

SHA1
fdc336186cf0a07248a0e63686ba02f2d0fc1a97

SHA256
afacfee963538368f231024f4039c2cf25efea030d870751be97e26e3a9c8479

SHA512
221e33397e9754b76afa520700bb5f3ca9379e4b43461399f40a2833396172cebc10195494883c7116db5e36e3b4d9f711c815e1b1b7c37fd7511b84907b6d3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe

Filesize
468KB

MD5
dad5c8020274d067acd38d46fcbf0cef

SHA1
b46aab5d72ba739bce32825fdf61ad000c8d2451

SHA256
25786ab32143abb4df9f4b8830f52fa46418a58d672b7355b3dc3a7522014bd7

SHA512
66ae156988a1cadc7c1f2e6766f513bda014946e7e1979d88106b2ea7835b9930c233b3f7cca6163d6f4c685fa5fa82a9606a85a5f2b31f6614e373d9f39b9eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe

Filesize
468KB

MD5
97a19901989a19ebefd200aee0f0ddf6

SHA1
f64141daf5d7bf2b8b57ca6d9ed0ab2dd29dc489

SHA256
6f8dd221cccbb9972df3ca795c231a80b04c6481a836b7ae6925a82c31d8498a

SHA512
72663b533f46ecffa6bf6709f80acd8822f856b9cbc10105282e082b6f4de2d320ba329fbddda246ebb197c62b9a0297d107c566e93c8d790de23e31d0b52736

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe

Filesize
468KB

MD5
dc4850f4e5ad2ff0810194ec22a025a3

SHA1
682069cb7e6293618926464497d8568777a6b47b

SHA256
462a6c8275ad6f23a6c3f77c71433c776827e9d4b528025faa705198d57cd614

SHA512
a52750ae00dc4b2236588751a4702685bef847939cf9aa99653fad1fc23270ef63bfab937785925b177d8845f7fd460b3ffc92c09dc42eda7d4c7f6d2d5e3dff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe

Filesize
468KB

MD5
da31fd3e93684e00d4ccf251e1a7daf1

SHA1
d7264b59d6f0cd0a12484e703bc71f8d0b4ca5fd

SHA256
4edbdf4be8b6c29d75fab5003ebba3287cdc0c101558d9157dc7c2f51532efae

SHA512
0837125ea1f151ba63c1901cb1fae76f7545ce4996d2ed7d32937b7de850830cbcc095d11546be4aae9f294012d5aab92882b9176b77d0edfeb80ce578541797

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe

Filesize
468KB

MD5
0f9efb9dab4df1204bc9150eb57cc392

SHA1
fe64b22d77ba5f3dfb8b92c64d3d4c0ef8fca316

SHA256
84c69851ee1c35948622e3966cdc16cdda4932d57c711d146c89665399f0269a

SHA512
4d99685034097fb02d0101389d6371c0ba1e7859388974772b64f912c3e73365900f66c753f39ed2542aef66d22721ff51abdfbfed064fd263aedaa1f154278b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe

Filesize
468KB

MD5
abbf62b0b6f70261c2d97213da7e2b76

SHA1
6ceb96adeacaf5506e7e0886bcf624b6d0bdb07f

SHA256
3b95dde15cd83f1d2eda9b2d69c377372dfc0206d2869a643f931fd13d60e477

SHA512
ddc8f0fa6b1720287b0a8354fb353a93de76a776d785efe1a67da15818ae22b9c080727e0a40140d16abfc99d45f3ec85825ec75c3dcfebd9afe4ecf208154ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38906.exe

Filesize
468KB

MD5
53db38c3fc7ccb9a38625a58baea0e4f

SHA1
d2ae5bc945c65b7f6659d43c5e9ecf655321ecf5

SHA256
9d8811735862083daa5b6a989679a67bf4d0cd3a94d015c973541d1c1a32edec

SHA512
a536cf0293da68debb6d62b12e803914acae2c6ffd9619d61fa1f61068779d328101bd9fc0990da9c110abc8721eab5bc3db757eac21ad08ca99cdba1ae1dff9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe

Filesize
468KB

MD5
ecc7230ad7848f76a71af88fe90ba8b1

SHA1
3e3646a38d450ed5d34f6ddd2528794165fab7be

SHA256
047be9c7043a8456c0a730333f222997475af2a22f0f8c8e6e32ed847ae772dd

SHA512
bda6912babe46b05ffd39770ec9632fc80b90b15777de4032cd0330df88ee408bce91cea0b6d4410ed3c6ded6efa910418b18096d3cba28204f9cce6725cc232

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe

Filesize
468KB

MD5
e03eb8cb46cfc9379f173371a271f531

SHA1
910a64f9e8429c2f1e4d8eb1b9319fed89c3bc1c

SHA256
5d80b19891369cebaf923f7c893bfb30d13473c59460c01724c5a415315e0784

SHA512
27a80a7454fa3241337466531e3904e0afdcb27cc50b7b898868d60f601414194f283f042faaabf28aee25dc5d380b2b5655c1f12925e9856dd360c205cfe355

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe

Filesize
468KB

MD5
6b5a3fd4f5f4b1af8fa100f917b75b4a

SHA1
318e8202e0063983e60bb85fad14fd7ce5c6b83e

SHA256
4dc9a1af1ae8712cf76eef59b6041197f912902e438c7fcd823e88c982e5b729

SHA512
2448da05dd750731ec83d2df1d556496ec92aaaf0c144f215b9e33784d4bf6439abf620d93a0664c94c2b8159e134a135858506531fd6272ec37be8517c83b1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe

Filesize
468KB

MD5
1fa3a04e7d53b030bf59e3383eff7fa2

SHA1
0d0e2be7e46940bb4bc1174438b63a923e933945

SHA256
f4813fca96876420ae843c1a5c7884f26ca88ff066678723804dc69dcf9b82ca

SHA512
eaf7a315700482a32def9147986bede07a2ff0b97698c47793a93c7932f98dcf0a410f75da01c1ca98701ad18bcb2e253ed0f676c696d0f3e1f6fc19d253a0f5

Download Submit