f9c57a3f0116da482e4ff7784109ccc1b5e9f08b59f7bc4250a0fcc3c65cb983

Analysis

max time kernel
119s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 11:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2f88787088041df732b57291148ac480N.exe
Size

468KB
MD5

2f88787088041df732b57291148ac480
SHA1

0ce83592cb191a5a8bce47d9b9032922dd06b046
SHA256

f9c57a3f0116da482e4ff7784109ccc1b5e9f08b59f7bc4250a0fcc3c65cb983
SHA512

f1a3996bd1500774dbeeea2ce42c79a0086dc34f08fd3f45f8228c976d630d3224f91acf2f245dcaf651cdec21d2526b166f872d2a700bcd4da82e7824a61862
SSDEEP

3072:MUyUoAOdI0hUtbYJPzt6fm8/O9pxvhpllmHeRVs+vuTAoSKuEPlD:MUNo2kUtOPJ6fm/HhHvu8bKuE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2712	Unicorn-24206.exe
3040	Unicorn-56816.exe
3052	Unicorn-57371.exe
2704	Unicorn-59203.exe
2512	Unicorn-52881.exe
2504	Unicorn-34699.exe
2128	Unicorn-10749.exe
2468	Unicorn-60389.exe
2208	Unicorn-40331.exe
572	Unicorn-19357.exe
1744	Unicorn-14815.exe
2804	Unicorn-15080.exe
1496	Unicorn-15080.exe
1360	Unicorn-29178.exe
2040	Unicorn-60752.exe
2448	Unicorn-16316.exe
2772	Unicorn-4426.exe
2996	Unicorn-28267.exe
2316	Unicorn-5277.exe
1132	Unicorn-12698.exe
2400	Unicorn-40717.exe
900	Unicorn-57815.exe
1088	Unicorn-30078.exe
2888	Unicorn-34427.exe
1516	Unicorn-30343.exe
1620	Unicorn-44633.exe
756	Unicorn-59294.exe
2324	Unicorn-17707.exe
1912	Unicorn-38681.exe
1720	Unicorn-57286.exe
1020	Unicorn-48002.exe
2240	Unicorn-1261.exe
2160	Unicorn-27995.exe
1580	Unicorn-49886.exe
3032	Unicorn-17768.exe
736	Unicorn-1453.exe
2852	Unicorn-49952.exe
2520	Unicorn-15241.exe
2656	Unicorn-36024.exe
2612	Unicorn-31386.exe
2968	Unicorn-53668.exe
904	Unicorn-2688.exe
1876	Unicorn-18833.exe
1236	Unicorn-51313.exe
2720	Unicorn-22725.exe
860	Unicorn-19003.exe
992	Unicorn-61380.exe
2168	Unicorn-31090.exe
1904	Unicorn-11987.exe
1892	Unicorn-52081.exe
2016	Unicorn-17882.exe
708	Unicorn-18148.exe
2372	Unicorn-34484.exe
2328	Unicorn-25229.exe
2872	Unicorn-11494.exe
2108	Unicorn-51972.exe
2256	Unicorn-51972.exe
1596	Unicorn-5769.exe
748	Unicorn-57571.exe
2532	Unicorn-40488.exe
1780	Unicorn-64727.exe
1612	Unicorn-31936.exe
2848	Unicorn-62754.exe
1692	Unicorn-62417.exe

Loads dropped DLL 64 IoCs

pid	Process
2724	2f88787088041df732b57291148ac480N.exe
2724	2f88787088041df732b57291148ac480N.exe
2724	2f88787088041df732b57291148ac480N.exe
2712	Unicorn-24206.exe
2712	Unicorn-24206.exe
2724	2f88787088041df732b57291148ac480N.exe
3040	Unicorn-56816.exe
3040	Unicorn-56816.exe
2724	2f88787088041df732b57291148ac480N.exe
3052	Unicorn-57371.exe
2724	2f88787088041df732b57291148ac480N.exe
3052	Unicorn-57371.exe
2712	Unicorn-24206.exe
2712	Unicorn-24206.exe
2704	Unicorn-59203.exe
2704	Unicorn-59203.exe
3040	Unicorn-56816.exe
3040	Unicorn-56816.exe
2512	Unicorn-52881.exe
2512	Unicorn-52881.exe
2724	2f88787088041df732b57291148ac480N.exe
2724	2f88787088041df732b57291148ac480N.exe
2504	Unicorn-34699.exe
2128	Unicorn-10749.exe
2504	Unicorn-34699.exe
2128	Unicorn-10749.exe
2712	Unicorn-24206.exe
3052	Unicorn-57371.exe
2712	Unicorn-24206.exe
3052	Unicorn-57371.exe
1204	WerFault.exe
1204	WerFault.exe
1204	WerFault.exe
1204	WerFault.exe
1204	WerFault.exe
2468	Unicorn-60389.exe
2468	Unicorn-60389.exe
2704	Unicorn-59203.exe
2704	Unicorn-59203.exe
2804	Unicorn-15080.exe
2804	Unicorn-15080.exe
2128	Unicorn-10749.exe
2128	Unicorn-10749.exe
1744	Unicorn-14815.exe
1744	Unicorn-14815.exe
2724	2f88787088041df732b57291148ac480N.exe
2724	2f88787088041df732b57291148ac480N.exe
1360	Unicorn-29178.exe
1360	Unicorn-29178.exe
2712	Unicorn-24206.exe
2040	Unicorn-60752.exe
572	Unicorn-19357.exe
2712	Unicorn-24206.exe
2040	Unicorn-60752.exe
572	Unicorn-19357.exe
3052	Unicorn-57371.exe
3052	Unicorn-57371.exe
2512	Unicorn-52881.exe
2512	Unicorn-52881.exe
1496	Unicorn-15080.exe
1496	Unicorn-15080.exe
2504	Unicorn-34699.exe
2504	Unicorn-34699.exe
2448	Unicorn-16316.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1204	2208	WerFault.exe	38

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9044.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35022.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2724	2f88787088041df732b57291148ac480N.exe
2712	Unicorn-24206.exe
3040	Unicorn-56816.exe
3052	Unicorn-57371.exe
2704	Unicorn-59203.exe
2504	Unicorn-34699.exe
2128	Unicorn-10749.exe
2512	Unicorn-52881.exe
2468	Unicorn-60389.exe
2804	Unicorn-15080.exe
1360	Unicorn-29178.exe
1744	Unicorn-14815.exe
1496	Unicorn-15080.exe
572	Unicorn-19357.exe
2040	Unicorn-60752.exe
2448	Unicorn-16316.exe
2772	Unicorn-4426.exe
2996	Unicorn-28267.exe
2316	Unicorn-5277.exe
1132	Unicorn-12698.exe
2400	Unicorn-40717.exe
900	Unicorn-57815.exe
1088	Unicorn-30078.exe
2888	Unicorn-34427.exe
1516	Unicorn-30343.exe
1620	Unicorn-44633.exe
756	Unicorn-59294.exe
2324	Unicorn-17707.exe
1720	Unicorn-57286.exe
1912	Unicorn-38681.exe
1020	Unicorn-48002.exe
2240	Unicorn-1261.exe
2160	Unicorn-27995.exe
3032	Unicorn-17768.exe
1580	Unicorn-49886.exe
2852	Unicorn-49952.exe
736	Unicorn-1453.exe
2520	Unicorn-15241.exe
2656	Unicorn-36024.exe
2612	Unicorn-31386.exe
904	Unicorn-2688.exe
2968	Unicorn-53668.exe
1876	Unicorn-18833.exe
1236	Unicorn-51313.exe
2720	Unicorn-22725.exe
860	Unicorn-19003.exe
1904	Unicorn-11987.exe
1892	Unicorn-52081.exe
2168	Unicorn-31090.exe
2016	Unicorn-17882.exe
708	Unicorn-18148.exe
2372	Unicorn-34484.exe
992	Unicorn-61380.exe
2256	Unicorn-51972.exe
2872	Unicorn-11494.exe
2108	Unicorn-51972.exe
2328	Unicorn-25229.exe
748	Unicorn-57571.exe
1596	Unicorn-5769.exe
2532	Unicorn-40488.exe
1780	Unicorn-64727.exe
2848	Unicorn-62754.exe
1612	Unicorn-31936.exe
1692	Unicorn-62417.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2712	2724	2f88787088041df732b57291148ac480N.exe	30
PID 2724 wrote to memory of 2712	2724	2f88787088041df732b57291148ac480N.exe	30
PID 2724 wrote to memory of 2712	2724	2f88787088041df732b57291148ac480N.exe	30
PID 2724 wrote to memory of 2712	2724	2f88787088041df732b57291148ac480N.exe	30
PID 2712 wrote to memory of 3040	2712	Unicorn-24206.exe	31
PID 2712 wrote to memory of 3040	2712	Unicorn-24206.exe	31
PID 2712 wrote to memory of 3040	2712	Unicorn-24206.exe	31
PID 2712 wrote to memory of 3040	2712	Unicorn-24206.exe	31
PID 2724 wrote to memory of 3052	2724	2f88787088041df732b57291148ac480N.exe	32
PID 2724 wrote to memory of 3052	2724	2f88787088041df732b57291148ac480N.exe	32
PID 2724 wrote to memory of 3052	2724	2f88787088041df732b57291148ac480N.exe	32
PID 2724 wrote to memory of 3052	2724	2f88787088041df732b57291148ac480N.exe	32
PID 3040 wrote to memory of 2704	3040	Unicorn-56816.exe	33
PID 3040 wrote to memory of 2704	3040	Unicorn-56816.exe	33
PID 3040 wrote to memory of 2704	3040	Unicorn-56816.exe	33
PID 3040 wrote to memory of 2704	3040	Unicorn-56816.exe	33
PID 2724 wrote to memory of 2512	2724	2f88787088041df732b57291148ac480N.exe	35
PID 2724 wrote to memory of 2512	2724	2f88787088041df732b57291148ac480N.exe	35
PID 2724 wrote to memory of 2512	2724	2f88787088041df732b57291148ac480N.exe	35
PID 2724 wrote to memory of 2512	2724	2f88787088041df732b57291148ac480N.exe	35
PID 3052 wrote to memory of 2504	3052	Unicorn-57371.exe	34
PID 3052 wrote to memory of 2504	3052	Unicorn-57371.exe	34
PID 3052 wrote to memory of 2504	3052	Unicorn-57371.exe	34
PID 3052 wrote to memory of 2504	3052	Unicorn-57371.exe	34
PID 2712 wrote to memory of 2128	2712	Unicorn-24206.exe	36
PID 2712 wrote to memory of 2128	2712	Unicorn-24206.exe	36
PID 2712 wrote to memory of 2128	2712	Unicorn-24206.exe	36
PID 2712 wrote to memory of 2128	2712	Unicorn-24206.exe	36
PID 2704 wrote to memory of 2468	2704	Unicorn-59203.exe	37
PID 2704 wrote to memory of 2468	2704	Unicorn-59203.exe	37
PID 2704 wrote to memory of 2468	2704	Unicorn-59203.exe	37
PID 2704 wrote to memory of 2468	2704	Unicorn-59203.exe	37
PID 3040 wrote to memory of 2208	3040	Unicorn-56816.exe	38
PID 3040 wrote to memory of 2208	3040	Unicorn-56816.exe	38
PID 3040 wrote to memory of 2208	3040	Unicorn-56816.exe	38
PID 3040 wrote to memory of 2208	3040	Unicorn-56816.exe	38
PID 2512 wrote to memory of 572	2512	Unicorn-52881.exe	39
PID 2512 wrote to memory of 572	2512	Unicorn-52881.exe	39
PID 2512 wrote to memory of 572	2512	Unicorn-52881.exe	39
PID 2512 wrote to memory of 572	2512	Unicorn-52881.exe	39
PID 2724 wrote to memory of 1744	2724	2f88787088041df732b57291148ac480N.exe	40
PID 2724 wrote to memory of 1744	2724	2f88787088041df732b57291148ac480N.exe	40
PID 2724 wrote to memory of 1744	2724	2f88787088041df732b57291148ac480N.exe	40
PID 2724 wrote to memory of 1744	2724	2f88787088041df732b57291148ac480N.exe	40
PID 2504 wrote to memory of 1496	2504	Unicorn-34699.exe	41
PID 2504 wrote to memory of 1496	2504	Unicorn-34699.exe	41
PID 2504 wrote to memory of 1496	2504	Unicorn-34699.exe	41
PID 2504 wrote to memory of 1496	2504	Unicorn-34699.exe	41
PID 2128 wrote to memory of 2804	2128	Unicorn-10749.exe	42
PID 2128 wrote to memory of 2804	2128	Unicorn-10749.exe	42
PID 2128 wrote to memory of 2804	2128	Unicorn-10749.exe	42
PID 2128 wrote to memory of 2804	2128	Unicorn-10749.exe	42
PID 2712 wrote to memory of 1360	2712	Unicorn-24206.exe	43
PID 2712 wrote to memory of 1360	2712	Unicorn-24206.exe	43
PID 2712 wrote to memory of 1360	2712	Unicorn-24206.exe	43
PID 2712 wrote to memory of 1360	2712	Unicorn-24206.exe	43
PID 3052 wrote to memory of 2040	3052	Unicorn-57371.exe	44
PID 3052 wrote to memory of 2040	3052	Unicorn-57371.exe	44
PID 3052 wrote to memory of 2040	3052	Unicorn-57371.exe	44
PID 3052 wrote to memory of 2040	3052	Unicorn-57371.exe	44
PID 2208 wrote to memory of 1204	2208	Unicorn-40331.exe	45
PID 2208 wrote to memory of 1204	2208	Unicorn-40331.exe	45
PID 2208 wrote to memory of 1204	2208	Unicorn-40331.exe	45
PID 2208 wrote to memory of 1204	2208	Unicorn-40331.exe	45

C:\Users\Admin\AppData\Local\Temp\2f88787088041df732b57291148ac480N.exe
"C:\Users\Admin\AppData\Local\Temp\2f88787088041df732b57291148ac480N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60389.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37837.exe
        9⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
        9⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        9⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
        8⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        8⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19720.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25654.exe
        8⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37332.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35756.exe
        8⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4738.exe
        7⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18595.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        7⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61038.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27207.exe
        7⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        7⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
        6⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18993.exe
        6⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        6⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40011.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51718.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4426.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1261.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58874.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        7⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30648.exe
        6⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9236.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55511.exe
        6⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        6⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        6⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35756.exe
        6⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        7⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        7⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        7⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4431.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        6⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
        6⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64727.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
        6⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6131.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50855.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47867.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
        5⤵
        
        PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2208
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 180
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
      4⤵
      PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44750.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
      4⤵
      PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe
      4⤵
      PID:4968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15080.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28267.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21267.exe
        7⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
        6⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
        6⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        6⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe
        6⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58796.exe
        6⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3698.exe
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        7⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23552.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
        6⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        5⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
        5⤵
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        5⤵
        
        PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1453.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22393.exe
        6⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
        6⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27207.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        6⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
        5⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        5⤵
        
        PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31843.exe
        5⤵
        
        PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
        5⤵
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        5⤵
        
        PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
      4⤵
      PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
      4⤵
      PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
      4⤵
      PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
      4⤵
      PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57815.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
        6⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61038.exe
        6⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27207.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        6⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        5⤵
        
        PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
        5⤵
        
        PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47044.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        5⤵
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23675.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
        5⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13855.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        5⤵
        
        PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        5⤵
        
        PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
      4⤵
      PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
      4⤵
      PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
      4⤵
      PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe
      4⤵
      PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        5⤵
        
        PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        5⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        5⤵
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14587.exe
      4⤵
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        5⤵
        
        PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
      4⤵
      PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
      4⤵
      PID:4556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
      4⤵
      PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
      4⤵
      PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
      4⤵
      PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
      4⤵
      PID:4456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53528.exe
    3⤵
    PID:2816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6966.exe
    3⤵
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50918.exe
      4⤵
      PID:5088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
    3⤵
    PID:3940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
    3⤵
    PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
    3⤵
    PID:4824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22848.exe
    3⤵
    PID:5004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34699.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15080.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51972.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        7⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        7⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11655.exe
        6⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5152.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54592.exe
        6⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        6⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        6⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62276.exe
        6⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
        5⤵
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        5⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42720.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51972.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        6⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        6⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        5⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        5⤵
        
        PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35756.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        5⤵
        
        PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62273.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        5⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27207.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        5⤵
        
        PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34572.exe
      4⤵
      PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2352.exe
      4⤵
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30618.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
      4⤵
      PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
      4⤵
      PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34484.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
        6⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1603.exe
        6⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
        6⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16170.exe
        5⤵
        
        PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        5⤵
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19720.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
        5⤵
        
        PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11494.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
        5⤵
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        5⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        5⤵
        
        PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22671.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
      4⤵
      PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57722.exe
      4⤵
      PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
      4⤵
      PID:4360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44633.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50855.exe
        5⤵
        
        PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
      4⤵
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
      4⤵
      PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35756.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
      4⤵
      PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
      4⤵
      PID:4652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
      4⤵
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        5⤵
        
        PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        5⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44990.exe
        5⤵
        
        PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9834.exe
      4⤵
      PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37731.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
      4⤵
      PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
    3⤵
    PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20570.exe
    3⤵
    PID:1404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
    3⤵
    PID:920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26772.exe
    3⤵
    PID:4152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20054.exe
    3⤵
    PID:4448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34427.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2688.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        6⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        6⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe
        5⤵
        
        PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-629.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19003.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36036.exe
        5⤵
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
        5⤵
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        5⤵
        
        PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42049.exe
      4⤵
      PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40888.exe
      4⤵
      PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
      4⤵
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
      4⤵
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
      4⤵
      PID:4588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
        5⤵
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
        5⤵
        
        PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
      4⤵
      PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
      4⤵
      PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13680.exe
      4⤵
      PID:4984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44990.exe
      4⤵
      PID:4376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
    3⤵
    PID:1408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
    3⤵
    PID:1992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
    3⤵
    PID:4008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe
    3⤵
    PID:4244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
    3⤵
    PID:4648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12698.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15241.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
        5⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        5⤵
        
        PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        5⤵
        
        PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
        5⤵
        
        PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
      4⤵
      PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
      4⤵
      PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
      4⤵
      PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
      4⤵
      PID:4436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36024.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
      4⤵
      PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44318.exe
      4⤵
      PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
      4⤵
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
      4⤵
      PID:820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
      4⤵
      PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
      4⤵
      PID:2392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
    3⤵
    PID:1452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe
    3⤵
    PID:2568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
    3⤵
    PID:3916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
    3⤵
    PID:3872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34168.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
    3⤵
    PID:4668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40717.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40717.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31386.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13757.exe
      4⤵
      PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
      4⤵
      PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26820.exe
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
      4⤵
      PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
      4⤵
      PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30264.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9236.exe
    3⤵
    PID:1628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
    3⤵
    PID:3984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30087.exe
    3⤵
    PID:3640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
    3⤵
    PID:4832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
    3⤵
    PID:5064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
    3⤵
    PID:1732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
    3⤵
    PID:1968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
    3⤵
    PID:3544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
    3⤵
    PID:1412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
  2⤵
  PID:2836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
  2⤵
  PID:3148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
  2⤵
  PID:3760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe

Filesize
468KB

MD5
ba16de4a30456f27bd96a10ca5080352

SHA1
531789aedd3efa198c682b3c54ae73803259f96d

SHA256
9468af393bd54dcef1147d2cc1f8a5fe99ff5bd29cd6914e55f188346162a781

SHA512
6b74b035b09490902a39045c50c9ba216b0e1cdc6931e3fad2479611cd0e3a3b4614536a6ca0558865bea30ecaf4912dda72921d25ef946e81741e2efa6dd76d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe

Filesize
468KB

MD5
103f18409b8358805aabf8bf5a336907

SHA1
f3a49b76224e67217d300b41f543856ac486d77d

SHA256
92c90ee7c54438c3c771991d4fc27ff7062d15197ce469af14f10e3fa12122c1

SHA512
d5dbba34e57b79ea84f93d4a17f1da0fd67f5eaff5af9bd90fc912008cc9acef41eb3711be202716b0e4e36975c5c173cf79c4b47ab62fcd5d79105eb4104d71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe

Filesize
468KB

MD5
81731c1ba6c6cc72de27a43ea0225d68

SHA1
246b72cca458c7c639450aac5563b29faeb086bc

SHA256
eb76f0586ae2268e914d8f04139e3e72dcfc51c64223be1d176b0ea38d30a4f0

SHA512
a0767b44a1bc51454cf286897677f955d4cd77fbb21af2b54f3d0d6f51740f5ac532ef1a9a7beb109effd5b05d4f16b91174dc4c1be28763a4e5864375c13538

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe

Filesize
468KB

MD5
1836ed95ecae29b52508a0ec61e149b8

SHA1
617a4e74e860e0c163378cb2ef9615b8c3ef651e

SHA256
7cebed3365aa41c2807db61d840b47d08e2ee1af28e18dfbb9b598d02222e8f4

SHA512
dc871c7e23dfd4f879f37dfd1a273bf38d260399760badcc9277c53e29866975855783fd8262b9185642230afcdd3630d921adbc99e1d382aa0a0b3bfe1467d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15080.exe

Filesize
468KB

MD5
6129ea818de1083884c21ba6ad59dcad

SHA1
ededdf43aaeb60832bcdda9a70b95061366af97f

SHA256
30092f4765ea6925cb371a82e16e245627bc242e0560581b968c42d11e9c5306

SHA512
c5620f5ca8eaf1751efe86fe1494880fb2279e9eb8a32f37a2fe95071354e0a95c3f989d32140e2baf9838779153eff940a033301fae343163745bfdf1145f99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe

Filesize
468KB

MD5
92d0a3fdcace71556cd3f8da278a60ab

SHA1
dd380672f9cfefbd34a1285450638249ee932fd7

SHA256
5908ce63070abcc5cb1f3e9db8e37355f228cc3bc6859b45e41be37afe3e6eaa

SHA512
eba3481dd5d77f4168f2da903a550ae428354fdca93ef6774b065a17aceceb8ca7a5e90b1a41aecf2fb4217edcdc095cc6e99adb5e6c84babe21f620f3fc13f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe

Filesize
468KB

MD5
6570e576b6f62b93906a8a5eeb971820

SHA1
277d60530c47e0f3b61d7b7da292bd8996ad4502

SHA256
4f6151f7ccd0c8be5b1d6ebbd6b446309b42c0c159e457d59e96785ad214a346

SHA512
a97f1aed08ca1e33c22d14207716f5f109053926a91134d208f6927bf05a397a05b3a99cc3bd4e4f3ad5940f83ee8a4bee6122bf3dec7b23e16b2047c890f015

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe

Filesize
468KB

MD5
3bcd039c99246255a9e0d96dc82b9bf3

SHA1
897a46c3b56d8e994087cf6592c4dab97d97a55e

SHA256
dba9ddecdeabcaacb352ff1ac79424b5f94e882b105334274244807af8db83d6

SHA512
0ecb26582ba22f20a0b481610bbf00e67c54fee57d5cb95978a49f3cadde254516e794e10560fd63623b10d38adcd88f3bd7d2187f3b22862e7520e2a38f4092

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34699.exe

Filesize
468KB

MD5
47a62806f43fb6a0a2cdd5b975ff26be

SHA1
b2cd58482c7b0ace04cff8e5e46194a0cb87acc9

SHA256
d5ab10532d335eea3378e9a0b0514b6fa7b5affeeeba11ae390bfa665b9a411f

SHA512
2ace0a10a45d830cfc1fc4c1ca47564244b7a8444bc55e7b44092dcf198fa199ae050622fdd4926d06c964784a87c381eceaae2e34d864720144a3c412c0690e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe

Filesize
468KB

MD5
71cdca227dc2b6bc40a5f711e6a8068e

SHA1
55bf9f72b54a767c28f62ed9056e8f4a1b99e458

SHA256
03fe2e376448a92f99a7582452c8d47922188959932e874267d480f4fde20813

SHA512
ef09bff0a323bc43485cb3faabe6335309a43914f4d6b655cce84312b7fd1f491b6bb9a6e4efeb1b32c0284843e2fdf5cb4fb9c20cf58caa63a0865b426d1ace

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4426.exe

Filesize
468KB

MD5
fd2e04c96b76bef5c3002ccee2d1b862

SHA1
ffc09882e5669fba8491c6e7633871294c21ca2b

SHA256
c9df70cc5eed36c18a4dd0f78db56f25b35f45dde09cbdbd18a6611a655bfc2d

SHA512
f911a5a745b2fb552ad22ca91aeb92f127b7c744237e86b98e0e7ed70604711a030634abb1f4ba406eb74c77242ceb97a2db4ea26a9e73988ad26b81cdc63e96

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe

Filesize
468KB

MD5
caa4b4d782c9c67e79d8c01e87b6a3a7

SHA1
efce053c21e103802a337eacf42b730072a84a58

SHA256
ffd5e32eb3aadd0cb7a8a08ca6d752dbab722a61cac88ae6a3ee8f7d7ebe8b55

SHA512
3975f8a1a5d79d5812603933647fb881d0acd6a83aadd4e698b65d8f8ebb56c6cfb5b2090daa3abc8fbaa201cc866f4398475c1f223028f50da807d808da867f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe

Filesize
468KB

MD5
6105623e4131bfd609ba6ec4b3856dc5

SHA1
8697d77ecbe785a941c07a8ae6ea7ba3e16503cc

SHA256
67ec0152761a286defa74da19844486ad907789f96a3766ca4181e382ce3dddd

SHA512
fc234e0fa66c0171bf5767ed72630777d9acd401af9de08c3c48521ea6f051e71700d4c8e7cdd041747add7c5b703666581e1b542ead435d733b490a3b974f5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe

Filesize
468KB

MD5
fc6cd4c81fd56db42f478701a2b07672

SHA1
8bfb783d6cd5bab7316331e0db5051bffe363f9c

SHA256
ad95e5876dc9da2f332a6897be7b0999db63c636de9b3c1f8ef7c62ac11aa3f7

SHA512
f221033b37d4def96f028cd1d11a6ea8176fcfc476cff4764aef2106af2f773397a0d3ff77f48d9ee4a42b3d16a0ef828634d2ca85b819798ff4eb5faab64217

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe

Filesize
468KB

MD5
2576ba42a38978750e40dbbe63b32df1

SHA1
8504c4da14937840ed85ee9732a89d9f83990e4d

SHA256
3ea35b081d0072f7a3c40ca09142c69f325990b7b1d7e10a1d3cf94afa60fdaf

SHA512
abb8bc14689dc0dc233a5ace147d8a603dd2a9739626c1e2619b66fe00ed95c8c8ed849734621ac8c33001d64cc663088d99372b04e01193c66551c07d2ce0fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60389.exe

Filesize
468KB

MD5
0097c3a4119cdd667cb5e98cdb8a5f02

SHA1
4bc95f703a80f26466ccc77529fa835809f98e29

SHA256
8f4f347f4f78959aacef7e07b1f2fdea2b4220145a23f209cf9ed88661ad4273

SHA512
fa6436513ca627b18583ccaf2e15a33fd45155753dc2163023a5b1b449f3b88f5d825eef9c6af5b3ac9f9f5c6ca3c35c518b21f55803d8fadec9d807dd4f981f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe

Filesize
468KB

MD5
926de7b5abbe52bfb4a4a12a632dc2e6

SHA1
f5d725a49317e684b3cbb0e263a24b1df8a6a73c

SHA256
da7d61f4d281b7ae9b980af6bd5742b9d99373e36a492d51a9bcba62e659a535

SHA512
9c596d2776a0ee5140dd2c6aa4f4704a5ad25de0753beb738739c17b9d5e37d7c1508a58761700304f6ed8fe53f1a58cb797f263eb8ae7c5ea303feb8103851c

Download Submit