e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e

Analysis

max time kernel
149s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe
Size

468KB
MD5

937d8543ba66a3f9591a2085a2e62714
SHA1

4da295c7d7580ff95be36f6dae9cb87454587db6
SHA256

e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e
SHA512

8c002098147cc648bd06c69e34344abf21b9c90c16c3abf14659dd516aeca50e654faa66e06aa90eb5f35679b301716601036e592f62d0000b91a00041069b45
SSDEEP

3072:1EAXogIdI05YcbYMPzVjff8/yCMCGONpnmHkxVhLTFF+dbBjHqlw:1EIow8Yc7PRjffHqxBTFstBjH

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2744	Unicorn-719.exe
2712	Unicorn-56879.exe
2516	Unicorn-20869.exe
2512	Unicorn-4352.exe
2680	Unicorn-20497.exe
2900	Unicorn-14558.exe
1540	Unicorn-3511.exe
1544	Unicorn-50515.exe
2836	Unicorn-64858.exe
2228	Unicorn-18803.exe
1644	Unicorn-36566.exe
2380	Unicorn-16700.exe
2240	Unicorn-30435.exe
1084	Unicorn-36566.exe
1512	Unicorn-4505.exe
592	Unicorn-24994.exe
932	Unicorn-44729.exe
1716	Unicorn-48341.exe
3040	Unicorn-10664.exe
2868	Unicorn-32747.exe
708	Unicorn-22571.exe
1620	Unicorn-22306.exe
1828	Unicorn-17780.exe
3020	Unicorn-4781.exe
2608	Unicorn-4781.exe
1536	Unicorn-33627.exe
1352	Unicorn-19892.exe
2260	Unicorn-39758.exe
1216	Unicorn-22846.exe
2788	Unicorn-1143.exe
2872	Unicorn-28990.exe
764	Unicorn-22052.exe
2896	Unicorn-8019.exe
1972	Unicorn-53691.exe
2924	Unicorn-33601.exe
2784	Unicorn-45207.exe
2760	Unicorn-24957.exe
2972	Unicorn-28186.exe
2752	Unicorn-63089.exe
2780	Unicorn-63354.exe
1712	Unicorn-9446.exe
2480	Unicorn-19136.exe
1728	Unicorn-14153.exe
2584	Unicorn-2223.exe
2004	Unicorn-26233.exe
3012	Unicorn-51699.exe
3008	Unicorn-46804.exe
3056	Unicorn-37283.exe
752	Unicorn-17766.exe
2036	Unicorn-56032.exe
2384	Unicorn-10095.exe
1952	Unicorn-10360.exe
1032	Unicorn-10360.exe
2496	Unicorn-26505.exe
672	Unicorn-26505.exe
692	Unicorn-7682.exe
2336	Unicorn-20457.exe
2328	Unicorn-43116.exe
1760	Unicorn-10251.exe
1980	Unicorn-56966.exe
952	Unicorn-60303.exe
1244	Unicorn-13214.exe
1580	Unicorn-54640.exe
768	Unicorn-28699.exe

Loads dropped DLL 64 IoCs

pid	Process
2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe
2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe
2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe
2744	Unicorn-719.exe
2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe
2744	Unicorn-719.exe
2516	Unicorn-20869.exe
2712	Unicorn-56879.exe
2712	Unicorn-56879.exe
2516	Unicorn-20869.exe
2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe
2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe
2744	Unicorn-719.exe
2744	Unicorn-719.exe
2512	Unicorn-4352.exe
2512	Unicorn-4352.exe
2712	Unicorn-56879.exe
2712	Unicorn-56879.exe
2680	Unicorn-20497.exe
2680	Unicorn-20497.exe
2900	Unicorn-14558.exe
1540	Unicorn-3511.exe
2900	Unicorn-14558.exe
1540	Unicorn-3511.exe
2516	Unicorn-20869.exe
2516	Unicorn-20869.exe
2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe
2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe
2744	Unicorn-719.exe
2744	Unicorn-719.exe
1544	Unicorn-50515.exe
1544	Unicorn-50515.exe
2512	Unicorn-4352.exe
2512	Unicorn-4352.exe
2836	Unicorn-64858.exe
2836	Unicorn-64858.exe
2712	Unicorn-56879.exe
2712	Unicorn-56879.exe
2240	Unicorn-30435.exe
2240	Unicorn-30435.exe
2744	Unicorn-719.exe
1084	Unicorn-36566.exe
2744	Unicorn-719.exe
1084	Unicorn-36566.exe
1540	Unicorn-3511.exe
1540	Unicorn-3511.exe
1644	Unicorn-36566.exe
2380	Unicorn-16700.exe
1644	Unicorn-36566.exe
2380	Unicorn-16700.exe
2900	Unicorn-14558.exe
2516	Unicorn-20869.exe
1512	Unicorn-4505.exe
2516	Unicorn-20869.exe
2900	Unicorn-14558.exe
1512	Unicorn-4505.exe
2228	Unicorn-18803.exe
2228	Unicorn-18803.exe
2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe
2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe
2680	Unicorn-20497.exe
2680	Unicorn-20497.exe
592	Unicorn-24994.exe
592	Unicorn-24994.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3352	3244	WerFault.exe	195
3896	3220	WerFault.exe	194

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53471.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52178.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe
2744	Unicorn-719.exe
2516	Unicorn-20869.exe
2712	Unicorn-56879.exe
2680	Unicorn-20497.exe
2512	Unicorn-4352.exe
2900	Unicorn-14558.exe
1540	Unicorn-3511.exe
1544	Unicorn-50515.exe
2836	Unicorn-64858.exe
2240	Unicorn-30435.exe
2228	Unicorn-18803.exe
1644	Unicorn-36566.exe
1084	Unicorn-36566.exe
2380	Unicorn-16700.exe
1512	Unicorn-4505.exe
592	Unicorn-24994.exe
932	Unicorn-44729.exe
1716	Unicorn-48341.exe
3040	Unicorn-10664.exe
2868	Unicorn-32747.exe
1620	Unicorn-22306.exe
1828	Unicorn-17780.exe
2608	Unicorn-4781.exe
708	Unicorn-22571.exe
3020	Unicorn-4781.exe
1352	Unicorn-19892.exe
1536	Unicorn-33627.exe
2260	Unicorn-39758.exe
1216	Unicorn-22846.exe
2788	Unicorn-1143.exe
2872	Unicorn-28990.exe
764	Unicorn-22052.exe
1972	Unicorn-53691.exe
2896	Unicorn-8019.exe
2924	Unicorn-33601.exe
2784	Unicorn-45207.exe
2760	Unicorn-24957.exe
2972	Unicorn-28186.exe
2752	Unicorn-63089.exe
2780	Unicorn-63354.exe
1712	Unicorn-9446.exe
2480	Unicorn-19136.exe
1728	Unicorn-14153.exe
2584	Unicorn-2223.exe
3012	Unicorn-51699.exe
2004	Unicorn-26233.exe
1952	Unicorn-10360.exe
3056	Unicorn-37283.exe
2036	Unicorn-56032.exe
1032	Unicorn-10360.exe
3008	Unicorn-46804.exe
672	Unicorn-26505.exe
2384	Unicorn-10095.exe
752	Unicorn-17766.exe
2496	Unicorn-26505.exe
692	Unicorn-7682.exe
2336	Unicorn-20457.exe
1760	Unicorn-10251.exe
2328	Unicorn-43116.exe
1980	Unicorn-56966.exe
952	Unicorn-60303.exe
1244	Unicorn-13214.exe
1580	Unicorn-54640.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2744	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	30
PID 2964 wrote to memory of 2744	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	30
PID 2964 wrote to memory of 2744	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	30
PID 2964 wrote to memory of 2744	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	30
PID 2964 wrote to memory of 2516	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	31
PID 2964 wrote to memory of 2516	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	31
PID 2964 wrote to memory of 2516	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	31
PID 2964 wrote to memory of 2516	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	31
PID 2744 wrote to memory of 2712	2744	Unicorn-719.exe	32
PID 2744 wrote to memory of 2712	2744	Unicorn-719.exe	32
PID 2744 wrote to memory of 2712	2744	Unicorn-719.exe	32
PID 2744 wrote to memory of 2712	2744	Unicorn-719.exe	32
PID 2712 wrote to memory of 2512	2712	Unicorn-56879.exe	34
PID 2712 wrote to memory of 2512	2712	Unicorn-56879.exe	34
PID 2712 wrote to memory of 2512	2712	Unicorn-56879.exe	34
PID 2712 wrote to memory of 2512	2712	Unicorn-56879.exe	34
PID 2516 wrote to memory of 2680	2516	Unicorn-20869.exe	33
PID 2516 wrote to memory of 2680	2516	Unicorn-20869.exe	33
PID 2516 wrote to memory of 2680	2516	Unicorn-20869.exe	33
PID 2516 wrote to memory of 2680	2516	Unicorn-20869.exe	33
PID 2964 wrote to memory of 2900	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	35
PID 2964 wrote to memory of 2900	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	35
PID 2964 wrote to memory of 2900	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	35
PID 2964 wrote to memory of 2900	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	35
PID 2744 wrote to memory of 1540	2744	Unicorn-719.exe	36
PID 2744 wrote to memory of 1540	2744	Unicorn-719.exe	36
PID 2744 wrote to memory of 1540	2744	Unicorn-719.exe	36
PID 2744 wrote to memory of 1540	2744	Unicorn-719.exe	36
PID 2512 wrote to memory of 1544	2512	Unicorn-4352.exe	37
PID 2512 wrote to memory of 1544	2512	Unicorn-4352.exe	37
PID 2512 wrote to memory of 1544	2512	Unicorn-4352.exe	37
PID 2512 wrote to memory of 1544	2512	Unicorn-4352.exe	37
PID 2712 wrote to memory of 2836	2712	Unicorn-56879.exe	38
PID 2712 wrote to memory of 2836	2712	Unicorn-56879.exe	38
PID 2712 wrote to memory of 2836	2712	Unicorn-56879.exe	38
PID 2712 wrote to memory of 2836	2712	Unicorn-56879.exe	38
PID 2680 wrote to memory of 2228	2680	Unicorn-20497.exe	39
PID 2680 wrote to memory of 2228	2680	Unicorn-20497.exe	39
PID 2680 wrote to memory of 2228	2680	Unicorn-20497.exe	39
PID 2680 wrote to memory of 2228	2680	Unicorn-20497.exe	39
PID 2900 wrote to memory of 1644	2900	Unicorn-14558.exe	40
PID 2900 wrote to memory of 1644	2900	Unicorn-14558.exe	40
PID 2900 wrote to memory of 1644	2900	Unicorn-14558.exe	40
PID 2900 wrote to memory of 1644	2900	Unicorn-14558.exe	40
PID 1540 wrote to memory of 1084	1540	Unicorn-3511.exe	41
PID 1540 wrote to memory of 1084	1540	Unicorn-3511.exe	41
PID 1540 wrote to memory of 1084	1540	Unicorn-3511.exe	41
PID 1540 wrote to memory of 1084	1540	Unicorn-3511.exe	41
PID 2516 wrote to memory of 2380	2516	Unicorn-20869.exe	42
PID 2516 wrote to memory of 2380	2516	Unicorn-20869.exe	42
PID 2516 wrote to memory of 2380	2516	Unicorn-20869.exe	42
PID 2516 wrote to memory of 2380	2516	Unicorn-20869.exe	42
PID 2964 wrote to memory of 1512	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	43
PID 2964 wrote to memory of 1512	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	43
PID 2964 wrote to memory of 1512	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	43
PID 2964 wrote to memory of 1512	2964	e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe	43
PID 2744 wrote to memory of 2240	2744	Unicorn-719.exe	44
PID 2744 wrote to memory of 2240	2744	Unicorn-719.exe	44
PID 2744 wrote to memory of 2240	2744	Unicorn-719.exe	44
PID 2744 wrote to memory of 2240	2744	Unicorn-719.exe	44
PID 1544 wrote to memory of 592	1544	Unicorn-50515.exe	45
PID 1544 wrote to memory of 592	1544	Unicorn-50515.exe	45
PID 1544 wrote to memory of 592	1544	Unicorn-50515.exe	45
PID 1544 wrote to memory of 592	1544	Unicorn-50515.exe	45

C:\Users\Admin\AppData\Local\Temp\e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe
"C:\Users\Admin\AppData\Local\Temp\e70e26cffeedf7d31b3e0ec842348e3cff5c95d78b146141d9ba80a85173e19e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-719.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-719.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22052.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
        9⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        9⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        9⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
        9⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        9⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
        9⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        8⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11147.exe
        9⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        9⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        9⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28817.exe
        9⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25650.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13972.exe
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28699.exe
        7⤵
        Executes dropped EXE
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6710.exe
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
        7⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        7⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        7⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        6⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6233.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34670.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33995.exe
        6⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        8⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        8⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56294.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
        6⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        6⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33601.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
        6⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18345.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
        6⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59301.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
        6⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30707.exe
        5⤵
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19578.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
        5⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
        5⤵
        
        PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64858.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48341.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe
        7⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50519.exe
        6⤵
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8274.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        6⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        6⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19195.exe
        6⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24957.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe
        6⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        6⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48041.exe
        6⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56693.exe
        5⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
        6⤵
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
        6⤵
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10299.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
        6⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39347.exe
        5⤵
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
        5⤵
        
        PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        5⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
        5⤵
        
        PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
        6⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52636.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        6⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        5⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        5⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        5⤵
        
        PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15356.exe
        6⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3239.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
        6⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        5⤵
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1498.exe
        5⤵
        
        PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
      4⤵
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        5⤵
        
        PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
      4⤵
      PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36644.exe
      4⤵
      PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35441.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
      4⤵
      PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
      4⤵
      PID:5372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
        6⤵
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        6⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
        6⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe
        6⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
        5⤵
        
        PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
        5⤵
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        5⤵
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
        5⤵
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
        6⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
        6⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51510.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22532.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        5⤵
        
        PID:368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        5⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        5⤵
        
        PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        5⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43932.exe
        5⤵
        
        PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
      4⤵
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41341.exe
      4⤵
      PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
      4⤵
      PID:5932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63354.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
        6⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54835.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        6⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        5⤵
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe
        5⤵
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9446.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26404.exe
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        5⤵
        
        PID:236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52869.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50917.exe
      4⤵
      PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
      4⤵
      PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45241.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
      4⤵
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35484.exe
      4⤵
      PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
      4⤵
      PID:2184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22306.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10360.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37904.exe
        5⤵
        
        PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
        5⤵
        
        PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54835.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18809.exe
        5⤵
        
        PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
      4⤵
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
        5⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37838.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
        5⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23259.exe
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
      4⤵
      PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
      4⤵
      PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
      4⤵
      PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41969.exe
      4⤵
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
      4⤵
      PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
      4⤵
      PID:5152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
    3⤵
    PID:2304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52513.exe
    3⤵
    PID:3212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
    3⤵
    PID:3696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
    3⤵
    PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
    3⤵
    PID:4716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
    3⤵
    PID:6004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20869.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20869.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10360.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4655.exe
        7⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe
        7⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17788.exe
        7⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        7⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15093.exe
        6⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
        6⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
        6⤵
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35486.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
        6⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        6⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        6⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        5⤵
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        5⤵
        
        PID:3220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 188
        6⤵
        Program crash
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        6⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
        6⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55747.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        5⤵
        
        PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35486.exe
        5⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52636.exe
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62632.exe
        5⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63985.exe
        5⤵
        
        PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35221.exe
      4⤵
      PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
      4⤵
      PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11762.exe
      4⤵
      PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
      4⤵
      PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15868.exe
      4⤵
      PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
      4⤵
      PID:5924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4781.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63431.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        6⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        5⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57978.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17788.exe
        5⤵
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        5⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52869.exe
        5⤵
        
        PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
      4⤵
      PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
      4⤵
      PID:3244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 188
        5⤵
        Program crash
        
        PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51992.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
      4⤵
      PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
      4⤵
      PID:5904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37283.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35486.exe
        5⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54006.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10119.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22532.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
        5⤵
        
        PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
      4⤵
      PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
      4⤵
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52869.exe
      4⤵
      PID:5696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35486.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
      4⤵
      PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
      4⤵
      PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
      4⤵
      PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
      4⤵
      PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35322.exe
      4⤵
      PID:5600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26555.exe
    3⤵
    PID:1504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35447.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
    3⤵
    PID:4036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
    3⤵
    PID:4272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
    3⤵
    PID:5896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4781.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        5⤵
        
        PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
        5⤵
        
        PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        5⤵
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-439.exe
        5⤵
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
        5⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        5⤵
        
        PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27363.exe
      4⤵
      PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7999.exe
      4⤵
      PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
      4⤵
      PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
      4⤵
      PID:5432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19892.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58659.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3239.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        5⤵
        
        PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
      4⤵
      PID:852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
      4⤵
      PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56439.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3719.exe
      4⤵
      PID:5496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
      4⤵
      PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
      4⤵
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17828.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
      4⤵
      PID:5652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
    3⤵
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27868.exe
      4⤵
      PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34196.exe
      4⤵
      PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10117.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
      4⤵
      PID:6052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18937.exe
    3⤵
    PID:1552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
    3⤵
    PID:776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
    3⤵
    PID:3964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
    3⤵
    PID:3928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
    3⤵
    PID:5048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43116.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15858.exe
        5⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9104.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44583.exe
      4⤵
      PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
      4⤵
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
      4⤵
      PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
      4⤵
      PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
      4⤵
      PID:5724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe
      4⤵
      PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
      4⤵
      PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
      4⤵
      PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
      4⤵
      PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
      4⤵
      PID:3520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
    3⤵
    PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
    3⤵
    PID:1736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45390.exe
    3⤵
    PID:3784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34670.exe
    3⤵
    PID:4092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1984.exe
    3⤵
    PID:4288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1532.exe
    3⤵
    PID:4844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
    3⤵
    PID:5972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28990.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28990.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2223.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2223.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
      4⤵
      PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
      4⤵
      PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18964.exe
      4⤵
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
      4⤵
      PID:5512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
    3⤵
    PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
    3⤵
    PID:3328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
    3⤵
    PID:3912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
    3⤵
    PID:4588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
    3⤵
    PID:5460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36067.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
    3⤵
    PID:3112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
    3⤵
    PID:1948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23421.exe
    3⤵
    PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62534.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62534.exe
  2⤵
  PID:2692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8288.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8288.exe
  2⤵
  PID:2196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
  2⤵
  PID:4068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
  2⤵
  PID:3756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
  2⤵
  PID:4808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37422.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37422.exe
  2⤵
  PID:4472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3459.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3459.exe
  2⤵
  PID:5476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe

Filesize
468KB

MD5
7ce672c0aed80032ae2a9686eb903d23

SHA1
1efab8e6bfbf0ce27f44a556c906723e68ca07d6

SHA256
50b810799297653c035b7f8e858a7698c26377cd28b249b3e9aa3027f38743d4

SHA512
65d8b2e8f780f5e8810d12a1adf2c984cc770fb97325393b36c32946da70bac8a1026c89c5ea3cadf501fd04a7e5a25bc29366aa8839df1308016561b6b5f448

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe

Filesize
468KB

MD5
d620361db40281b61c24689ce56a029f

SHA1
b0cf3e2fe514cdaf7c4dfd8318b7073552ece96c

SHA256
85feab2c7e0679f566dd081bd8b3cbb3902549fc3f5b938e22847682a9373a61

SHA512
d6c7569d2897c5c1c6a1dc4db44379bc3919814e300086454e0795bca0199cbdca70f8d8e2b565fa1d5d402ff425dc030ce1f54f89f07f3edc8d2afb0096d0f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe

Filesize
468KB

MD5
2c6209ecf866c3dcea2f7775a7652a4c

SHA1
6467081b18af9d7443be4376102519955f43b05e

SHA256
51f002ca8b67a3351d6e85416599d540ac43fb5af15b23028b581b0672a5dbd2

SHA512
5fd7561b76b5a58587e5d584a0199acb0208ddb711091ac592b14d33d99c626c4579ec2df3366a8e7e7d03ba72eeeb90313ed71f3f3c517f4130e8379cf148e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe

Filesize
468KB

MD5
67b346e69763001dbda448ba9db12a95

SHA1
32bfcfc341c179a0aa50688a13c3e174d58aa720

SHA256
18656b0c92d6f963b3afc46c367d9e1407d2e7ff44aa7c6255ce74a00718cf98

SHA512
56b87fb4a1b98cfd33f57c4a3e9a844062c8171d5f9c24f23d96ac731549d6a168702cd8cd490f149a138dd05ca62ee4038277f0f11b3f66bcdde14f396d5af4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe

Filesize
468KB

MD5
a5d420d7ff2f3587e24a3c071f9f1b44

SHA1
39822722ce0b52cfcd60d62a6b395acfd86691cf

SHA256
140718fd7015ff0a0fda4dd966185ffdca6ec934258e758b470c07619dd2af6a

SHA512
a3319c1132d54d78c239aa781781cf288958dd6c9b06a6095dee72821c5b2943fdfb3d6ff64d0d95cf001e73a291962399b1952dbc0e3bff598a51f354a1e51b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe

Filesize
468KB

MD5
27823ce67bd4871a6d5c7d3feacc434f

SHA1
ae426575ae19496308c49bfe5584fa206edb5c3d

SHA256
c542f30d3f8de39aee67cb1c9180b7b6f22d16dcb869d502bd9790c1091696a3

SHA512
193a84b823fe34b2a6c4c54cea82b54ba28b43f1bc5a9cb500e8fa40ffb9dd2ab20d9f261f6a9830e5cb2482d620a5cde564014b2fce6c9f1201fc05e5462ce3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe

Filesize
468KB

MD5
004242269346497926a139ceb3fbd516

SHA1
8a3ca1a00cc293a7ce2f1bfc008adbde4e22450b

SHA256
b85fc899d86c2443ae673cad66288651988bc70bc5b459760cedfa1103498bc2

SHA512
a5f2fe95c38b0926357cf68e6b92812556440ff2b26fbcbcb108d41329157e7fdd01acba271bd5c0cd96c2aa5ceff50a3e636044b0e1d49c709480b5e11cb023

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20869.exe

Filesize
468KB

MD5
d9846f711f2a37d1dc8f6a402b677306

SHA1
c38c596491ab6a50097beac657d1e5626e610c2c

SHA256
46040520a55323b2ebbab20f46d8fa6d35556c9bc4388ee326e49d7cd34fe59b

SHA512
9807bd4d908996c5cdbe1c50420679edea77280d77c806501a8317b65985713ad7bc7d0328f7505f68e02d5fb13b9b441de2fc17d960fc5396f5d076e1a77a65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe

Filesize
468KB

MD5
8657e3eb9ad79b916a4b777fdd2d392a

SHA1
3f7ec04f56be2da11ebde6b5207fc14465e56022

SHA256
c7f3f8dca6e6baa0cc6a45a11a2e0ccf50c756607fa17a6f5a351fd8ea4bc636

SHA512
22a752c82d099cbb458692db84bf58f7c1f7bc039280930773893df4f5761da8b19d96f26d3e19808767e2402c7d79ae47106c05db00a85ce7635712514a8216

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe

Filesize
468KB

MD5
a7fdf9ab71d485e64ed5ec0d382dadd9

SHA1
f219798ce49b876b9ae8d43c78ed279eb96820b0

SHA256
d62cd1eaa2a8dfc8331a05b06cd13ad1416ca84adbe5383d159e598519955be5

SHA512
ac627df9f4866fe2411a28cc4c8381596b2239cda9ed3135968019fef55c03aab407a795071a11dc34770a930cb0c0ee4b74a429d13b5b44b45b5f30dfb88fb1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe

Filesize
468KB

MD5
0d61b4f110a1150a717cecd14c8dc070

SHA1
ec429c0299712f482aecea5df877cbd12e648826

SHA256
5c3ba4612d325de4ec45e7ade27bf127dac85556151ee37de5d5083e2480d491

SHA512
97d248f245c7ac2ace949a5c8d82033f59348322adadbd0073acd79ccf17fe918cf09403532ae35e2fe87fec5f53b9148530aec4fef2713456f47b21112a0fb5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe

Filesize
468KB

MD5
a3c95a91850bbf065cd055f9b50be43b

SHA1
6b181b2d02294dacb0ca15fd1542237518d783b5

SHA256
1ae8644584250ea809415f493c40c3038abea116938c9f96d2a2373bca121dd3

SHA512
f523e8a05c7758cb0ef35bf11a43b87c9cb7a2315fe433cbf18631b9a6e419be546fac4d48525bf34be959ced0e5e9f536b1196b15858740cddb48667fe5728a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe

Filesize
468KB

MD5
b6d6d687dbe9db77da0f40d1185f7c2f

SHA1
6c64c918377a07892d5d70329d4b58bff1bd9b02

SHA256
6917345420fa7ea88b089a0c1f262ef514d1b75650ed44e817be4b339837730f

SHA512
c4da2a60d3b0c79b1b7b96d6f0f0c740c60a5f32bb897c85c7844208e1f2490de9dbecba9a20d73019aec9863a2bc9f07ce163e73bd570505d3ac61d7c4afbe0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48341.exe

Filesize
468KB

MD5
526c1505b07ef98c53a0825446497bc6

SHA1
a2e986acf3ceea34cedb293c829a033553dabbeb

SHA256
f7129f56879e5e145ba21e2d8c39daed073016b61dfcf5849ac2c7a9dc1b921f

SHA512
60828c0829ba816841e4b9a7a304943dc2e260e3f038945c5a5e944efd36d4dee5c2a4e8639c22c4c7d062f7e1f20e60392c8b0538371a68e3fa8c4e5fe6b010

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe

Filesize
468KB

MD5
57ca319539bf3f243557f270ac6eae43

SHA1
4167ee6e89872c1c5a73b018bf283f98ea67ec9e

SHA256
8305c551ff12bf6a6ca5de5af31706c9b1ff547871d8c7755e6834fe67eb8a75

SHA512
e3cb324770c2e3d56439d472c60d8ae51bf0cb0ffdaa3ea30ce7e0d5fe7375aea4d8f6d16604fa296e75a47bf9250c5c0499a376d748e3938dfe19d42a511a4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64858.exe

Filesize
468KB

MD5
aa3e527684fa03e72a4a7e4d396fa56b

SHA1
ff77c4b1958dce9b0d3b19aa9d70e1c19cc0cf01

SHA256
f9f207bd2ca3a9938c1ae1e965e65ee927d7eadbfb973a908877f1b68052cc46

SHA512
a27e497d3e10df6f66fbfd74bda7b1302ae236926d21325ba59fab7713c5ab4f022974fac5ad7592230f47fe64f1cbc62e2c09ca9eb5b4ddd61674d7a368d884

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-719.exe

Filesize
468KB

MD5
7209abe07fbabcfee18e21b1e0e36294

SHA1
44bcae51c90deb0aeff430320d3c32e5f6616908

SHA256
6d57beaa9bb9d45849823c9b39de4384df7c42fe5ca571b1e5c005fc42719f53

SHA512
9d21756ddd4fff8ac43dfddd04f009e55e9c7d5559938080aa39a7bf1934b9925975dedd53614dc8bf54e2f3c7cac1ffe4f869a031452b0c4a34f85b4e847626

Download Submit