94e101bbc5ab6ba940cc67f804b2552010c51f9ffd1fc05cbb60222d2ec1bc42

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe
Size

468KB
MD5

e60f850c2ac9e3cd3b5cc41c8f337ba0
SHA1

037620815cb03be78681d99a5e324390030ea23f
SHA256

94e101bbc5ab6ba940cc67f804b2552010c51f9ffd1fc05cbb60222d2ec1bc42
SHA512

5f105ba7b9b1cdd91553c1b6deae1cde7b5c334add4e6b5d3dc8ac20d4e380ed3162144a668b24f3d61436a326af9814174e03705998bd56965641ce4903461c
SSDEEP

3072:yu0VogkEIY5AtbY4zfjTff8w0CO6PppT/EHTYV/gAWQLxw0cJRl1:yueotYAtHzrTffdfC/AWay0cJ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
776	Unicorn-33322.exe
2656	Unicorn-57286.exe
2468	Unicorn-7914.exe
264	Unicorn-14795.exe
2772	Unicorn-18880.exe
2848	Unicorn-16833.exe
2416	Unicorn-7182.exe
2684	Unicorn-38937.exe
2604	Unicorn-65065.exe
3060	Unicorn-65470.exe
2464	Unicorn-12185.exe
1992	Unicorn-11920.exe
1240	Unicorn-16270.exe
1688	Unicorn-12740.exe
1944	Unicorn-30559.exe
2896	Unicorn-30935.exe
3032	Unicorn-31489.exe
2240	Unicorn-51355.exe
2144	Unicorn-9428.exe
1476	Unicorn-35979.exe
1140	Unicorn-24281.exe
1200	Unicorn-23919.exe
1356	Unicorn-43577.exe
2296	Unicorn-3306.exe
1940	Unicorn-60846.exe
1716	Unicorn-19259.exe
648	Unicorn-27981.exe
2788	Unicorn-47847.exe
2536	Unicorn-47582.exe
2408	Unicorn-25572.exe
568	Unicorn-17780.exe
2088	Unicorn-39870.exe
2236	Unicorn-27256.exe
1588	Unicorn-23726.exe
2112	Unicorn-47676.exe
1264	Unicorn-47676.exe
2500	Unicorn-2730.exe
2204	Unicorn-16465.exe
2328	Unicorn-10898.exe
2812	Unicorn-47100.exe
2688	Unicorn-18438.exe
2152	Unicorn-55460.exe
2580	Unicorn-27832.exe
2800	Unicorn-21287.exe
2592	Unicorn-48252.exe
2568	Unicorn-62542.exe
1296	Unicorn-61765.exe
2040	Unicorn-61765.exe
2316	Unicorn-41899.exe
1640	Unicorn-61765.exe
1236	Unicorn-62734.exe
1816	Unicorn-36420.exe
1424	Unicorn-55059.exe
1712	Unicorn-291.exe
1988	Unicorn-28325.exe
2052	Unicorn-53213.exe
3028	Unicorn-7334.exe
2888	Unicorn-36875.exe
2816	Unicorn-42475.exe
1036	Unicorn-38605.exe
1664	Unicorn-59580.exe
2932	Unicorn-30245.exe
1860	Unicorn-61255.exe
852	Unicorn-26523.exe

Loads dropped DLL 64 IoCs

pid	Process
2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe
2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe
2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe
776	Unicorn-33322.exe
2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe
776	Unicorn-33322.exe
2656	Unicorn-57286.exe
2656	Unicorn-57286.exe
2468	Unicorn-7914.exe
2468	Unicorn-7914.exe
2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe
776	Unicorn-33322.exe
2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe
776	Unicorn-33322.exe
264	Unicorn-14795.exe
264	Unicorn-14795.exe
2656	Unicorn-57286.exe
2656	Unicorn-57286.exe
2848	Unicorn-16833.exe
2848	Unicorn-16833.exe
2772	Unicorn-18880.exe
2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe
2772	Unicorn-18880.exe
2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe
2416	Unicorn-7182.exe
2416	Unicorn-7182.exe
2468	Unicorn-7914.exe
776	Unicorn-33322.exe
776	Unicorn-33322.exe
2468	Unicorn-7914.exe
2684	Unicorn-38937.exe
2684	Unicorn-38937.exe
264	Unicorn-14795.exe
264	Unicorn-14795.exe
2604	Unicorn-65065.exe
2604	Unicorn-65065.exe
2656	Unicorn-57286.exe
2656	Unicorn-57286.exe
3060	Unicorn-65470.exe
3060	Unicorn-65470.exe
2848	Unicorn-16833.exe
2848	Unicorn-16833.exe
1992	Unicorn-11920.exe
1992	Unicorn-11920.exe
2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe
2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe
2464	Unicorn-12185.exe
2464	Unicorn-12185.exe
2772	Unicorn-18880.exe
2772	Unicorn-18880.exe
1944	Unicorn-30559.exe
1944	Unicorn-30559.exe
2416	Unicorn-7182.exe
1688	Unicorn-12740.exe
776	Unicorn-33322.exe
2416	Unicorn-7182.exe
1688	Unicorn-12740.exe
776	Unicorn-33322.exe
2468	Unicorn-7914.exe
2468	Unicorn-7914.exe
2896	Unicorn-30935.exe
2896	Unicorn-30935.exe
2684	Unicorn-38937.exe
2684	Unicorn-38937.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
6020	5608	WerFault.exe	460
6012	5648	WerFault.exe	464
6052	5632	WerFault.exe	462

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62209.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe
776	Unicorn-33322.exe
2656	Unicorn-57286.exe
2468	Unicorn-7914.exe
264	Unicorn-14795.exe
2772	Unicorn-18880.exe
2848	Unicorn-16833.exe
2416	Unicorn-7182.exe
2684	Unicorn-38937.exe
2604	Unicorn-65065.exe
3060	Unicorn-65470.exe
2464	Unicorn-12185.exe
1992	Unicorn-11920.exe
1240	Unicorn-16270.exe
1944	Unicorn-30559.exe
1688	Unicorn-12740.exe
2896	Unicorn-30935.exe
3032	Unicorn-31489.exe
2144	Unicorn-9428.exe
2240	Unicorn-51355.exe
1476	Unicorn-35979.exe
1140	Unicorn-24281.exe
1200	Unicorn-23919.exe
1356	Unicorn-43577.exe
2296	Unicorn-3306.exe
1940	Unicorn-60846.exe
1716	Unicorn-19259.exe
2788	Unicorn-47847.exe
648	Unicorn-27981.exe
2408	Unicorn-25572.exe
2536	Unicorn-47582.exe
568	Unicorn-17780.exe
2088	Unicorn-39870.exe
1588	Unicorn-23726.exe
2112	Unicorn-47676.exe
1264	Unicorn-47676.exe
2204	Unicorn-16465.exe
2328	Unicorn-10898.exe
2500	Unicorn-2730.exe
2812	Unicorn-47100.exe
2688	Unicorn-18438.exe
2580	Unicorn-27832.exe
2152	Unicorn-55460.exe
2800	Unicorn-21287.exe
2592	Unicorn-48252.exe
2568	Unicorn-62542.exe
2316	Unicorn-41899.exe
1640	Unicorn-61765.exe
2040	Unicorn-61765.exe
1296	Unicorn-61765.exe
1236	Unicorn-62734.exe
1816	Unicorn-36420.exe
1424	Unicorn-55059.exe
1988	Unicorn-28325.exe
1712	Unicorn-291.exe
2052	Unicorn-53213.exe
2816	Unicorn-42475.exe
2888	Unicorn-36875.exe
3028	Unicorn-7334.exe
1036	Unicorn-38605.exe
1664	Unicorn-59580.exe
2932	Unicorn-30245.exe
1860	Unicorn-61255.exe
964	Unicorn-5932.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 776	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	31
PID 2528 wrote to memory of 776	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	31
PID 2528 wrote to memory of 776	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	31
PID 2528 wrote to memory of 776	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	31
PID 2528 wrote to memory of 2656	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	33
PID 2528 wrote to memory of 2656	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	33
PID 2528 wrote to memory of 2656	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	33
PID 2528 wrote to memory of 2656	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	33
PID 776 wrote to memory of 2468	776	Unicorn-33322.exe	32
PID 776 wrote to memory of 2468	776	Unicorn-33322.exe	32
PID 776 wrote to memory of 2468	776	Unicorn-33322.exe	32
PID 776 wrote to memory of 2468	776	Unicorn-33322.exe	32
PID 2656 wrote to memory of 264	2656	Unicorn-57286.exe	34
PID 2656 wrote to memory of 264	2656	Unicorn-57286.exe	34
PID 2656 wrote to memory of 264	2656	Unicorn-57286.exe	34
PID 2656 wrote to memory of 264	2656	Unicorn-57286.exe	34
PID 2468 wrote to memory of 2772	2468	Unicorn-7914.exe	35
PID 2468 wrote to memory of 2772	2468	Unicorn-7914.exe	35
PID 2468 wrote to memory of 2772	2468	Unicorn-7914.exe	35
PID 2468 wrote to memory of 2772	2468	Unicorn-7914.exe	35
PID 2528 wrote to memory of 2848	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	36
PID 2528 wrote to memory of 2848	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	36
PID 2528 wrote to memory of 2848	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	36
PID 2528 wrote to memory of 2848	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	36
PID 776 wrote to memory of 2416	776	Unicorn-33322.exe	37
PID 776 wrote to memory of 2416	776	Unicorn-33322.exe	37
PID 776 wrote to memory of 2416	776	Unicorn-33322.exe	37
PID 776 wrote to memory of 2416	776	Unicorn-33322.exe	37
PID 264 wrote to memory of 2684	264	Unicorn-14795.exe	38
PID 264 wrote to memory of 2684	264	Unicorn-14795.exe	38
PID 264 wrote to memory of 2684	264	Unicorn-14795.exe	38
PID 264 wrote to memory of 2684	264	Unicorn-14795.exe	38
PID 2656 wrote to memory of 2604	2656	Unicorn-57286.exe	39
PID 2656 wrote to memory of 2604	2656	Unicorn-57286.exe	39
PID 2656 wrote to memory of 2604	2656	Unicorn-57286.exe	39
PID 2656 wrote to memory of 2604	2656	Unicorn-57286.exe	39
PID 2848 wrote to memory of 3060	2848	Unicorn-16833.exe	40
PID 2848 wrote to memory of 3060	2848	Unicorn-16833.exe	40
PID 2848 wrote to memory of 3060	2848	Unicorn-16833.exe	40
PID 2848 wrote to memory of 3060	2848	Unicorn-16833.exe	40
PID 2772 wrote to memory of 2464	2772	Unicorn-18880.exe	41
PID 2772 wrote to memory of 2464	2772	Unicorn-18880.exe	41
PID 2772 wrote to memory of 2464	2772	Unicorn-18880.exe	41
PID 2772 wrote to memory of 2464	2772	Unicorn-18880.exe	41
PID 2528 wrote to memory of 1992	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	42
PID 2528 wrote to memory of 1992	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	42
PID 2528 wrote to memory of 1992	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	42
PID 2528 wrote to memory of 1992	2528	e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe	42
PID 2416 wrote to memory of 1240	2416	Unicorn-7182.exe	43
PID 2416 wrote to memory of 1240	2416	Unicorn-7182.exe	43
PID 2416 wrote to memory of 1240	2416	Unicorn-7182.exe	43
PID 2416 wrote to memory of 1240	2416	Unicorn-7182.exe	43
PID 2468 wrote to memory of 1688	2468	Unicorn-7914.exe	44
PID 2468 wrote to memory of 1688	2468	Unicorn-7914.exe	44
PID 2468 wrote to memory of 1688	2468	Unicorn-7914.exe	44
PID 2468 wrote to memory of 1688	2468	Unicorn-7914.exe	44
PID 776 wrote to memory of 1944	776	Unicorn-33322.exe	45
PID 776 wrote to memory of 1944	776	Unicorn-33322.exe	45
PID 776 wrote to memory of 1944	776	Unicorn-33322.exe	45
PID 776 wrote to memory of 1944	776	Unicorn-33322.exe	45
PID 2684 wrote to memory of 2896	2684	Unicorn-38937.exe	46
PID 2684 wrote to memory of 2896	2684	Unicorn-38937.exe	46
PID 2684 wrote to memory of 2896	2684	Unicorn-38937.exe	46
PID 2684 wrote to memory of 2896	2684	Unicorn-38937.exe	46

C:\Users\Admin\AppData\Local\Temp\e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe
"C:\Users\Admin\AppData\Local\Temp\e60f850c2ac9e3cd3b5cc41c8f337ba0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7914.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55460.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        9⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        9⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        9⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        9⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56767.exe
        8⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
        7⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
        7⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        7⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55654.exe
        7⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        7⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 188
        8⤵
        Program crash
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
        6⤵
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        6⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
        6⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        6⤵
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
        8⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53227.exe
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        7⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 188
        8⤵
        Program crash
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
        6⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        6⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1838.exe
        6⤵
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        6⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        6⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
        6⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        5⤵
        
        PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        5⤵
        
        PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47847.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
        6⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        7⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        7⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        6⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
        6⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        6⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46984.exe
        7⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        7⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        6⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        6⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
        5⤵
        
        PID:308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59899.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe
        5⤵
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        6⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        6⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        5⤵
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18564.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25705.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        5⤵
        
        PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
      4⤵
      PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14730.exe
      4⤵
      PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
      4⤵
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
      4⤵
      PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
      4⤵
      PID:5516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16270.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        6⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
        6⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        7⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
        7⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
        5⤵
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25458.exe
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        5⤵
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59370.exe
        5⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
        5⤵
        
        PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
        6⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        6⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45092.exe
        6⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
        5⤵
        
        PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        5⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12681.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        5⤵
        
        PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55059.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53654.exe
        5⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe
        6⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        5⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28693.exe
      4⤵
      PID:1404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
      4⤵
      PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
      4⤵
      PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48252.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        6⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
        7⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        7⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52811.exe
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
        7⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        6⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
        5⤵
        
        PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41899.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        6⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        5⤵
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
        5⤵
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
      4⤵
      PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
      4⤵
      PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
      4⤵
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
      4⤵
      PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
      4⤵
      PID:5320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
        5⤵
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        5⤵
        
        PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
      4⤵
      PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
      4⤵
      PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
      4⤵
      PID:1276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
      4⤵
      PID:324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55654.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
      4⤵
      PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
      4⤵
      PID:5464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58635.exe
    3⤵
    PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11401.exe
    3⤵
    PID:1600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31853.exe
    3⤵
    PID:3428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
    3⤵
    PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
    3⤵
    PID:5552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30935.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38605.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        8⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47494.exe
        8⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59580.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        7⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        7⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
        6⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
        6⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        6⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        7⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
        7⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        6⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
        6⤵
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        6⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        6⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61192.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4944.exe
        6⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        6⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe
        5⤵
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe
        5⤵
        
        PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27832.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        6⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19802.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61011.exe
        7⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        6⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe
        6⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        6⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        5⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        6⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        5⤵
        
        PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4944.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
        6⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        5⤵
        
        PID:5632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 188
        6⤵
        Program crash
        
        PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
      4⤵
      PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10871.exe
      4⤵
      PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
      4⤵
      PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
      4⤵
      PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
      4⤵
      PID:5536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51355.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        6⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        7⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        6⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        6⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40036.exe
        5⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        5⤵
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
        5⤵
        
        PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15746.exe
        5⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
        6⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        6⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        5⤵
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17399.exe
      4⤵
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4944.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        5⤵
        
        PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
      4⤵
      PID:576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
      4⤵
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
      4⤵
      PID:5192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8153.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
      4⤵
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        5⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
        5⤵
        
        PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
      4⤵
      PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
      4⤵
      PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
      4⤵
      PID:5388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18438.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        5⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12292.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        5⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        5⤵
        
        PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
      4⤵
      PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
      4⤵
      PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
      4⤵
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
      4⤵
      PID:5488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
    3⤵
    PID:3628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
    3⤵
    PID:4976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
    3⤵
    PID:5068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35979.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27256.exe
        5⤵
        Executes dropped EXE
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        7⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
        6⤵
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        6⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        6⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        6⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        6⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        5⤵
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        5⤵
        
        PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
        5⤵
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        6⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        6⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
        5⤵
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        5⤵
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17642.exe
        5⤵
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        5⤵
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        5⤵
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        5⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        5⤵
        
        PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
      4⤵
      PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
      4⤵
      PID:6040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54723.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
        5⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe
        5⤵
        
        PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
      4⤵
      PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
      4⤵
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
      4⤵
      PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
      4⤵
      PID:5544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16465.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
      4⤵
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
        5⤵
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33921.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
      4⤵
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19858.exe
      4⤵
      PID:5624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44261.exe
    3⤵
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
      4⤵
      PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
      4⤵
      PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
      4⤵
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
    3⤵
    PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
    3⤵
    PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
    3⤵
    PID:5828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23919.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
        5⤵
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        5⤵
        
        PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21726.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64235.exe
      4⤵
      PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
      4⤵
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38468.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21726.exe
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
      4⤵
      PID:5256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18564.exe
      4⤵
      PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
      4⤵
      PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
      4⤵
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
      4⤵
      PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
      4⤵
      PID:5780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
    3⤵
    PID:1848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
    3⤵
    PID:3668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
    3⤵
    PID:3900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
    3⤵
    PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
    3⤵
    PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
    3⤵
    PID:5284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43577.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43577.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7940.exe
    3⤵
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
    3⤵
    PID:4624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
    3⤵
    PID:5236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53078.exe
    3⤵
    PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
      4⤵
      PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31951.exe
      4⤵
      PID:5080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
    3⤵
    PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
    3⤵
    PID:3996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
    3⤵
    PID:5328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53038.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53038.exe
  2⤵
  PID:1984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
    3⤵
    PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41918.exe
    3⤵
    PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
    3⤵
    PID:5020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28723.exe
    3⤵
    PID:5396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
  2⤵
  PID:2324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
  2⤵
  PID:3736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
  2⤵
  PID:4352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
  2⤵
  PID:5300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe

Filesize
468KB

MD5
6cf8f51ee3b9e6c2c846d0c694da530e

SHA1
eccac3d068c058d7c6b852a4a490cb5ffc417ec7

SHA256
6cd6bd02056abc0c80be0834669fe05e84039b996eda96f1ba738bde9ca3bf90

SHA512
d20f0b36a43a6bb15ad46244e1b12c7ca4f1364f6c7409f8683e655c459fe57b10c3ebccdc53f9c1e06f82628d63e1f4caa9cbd27588bcc2ddab4f84689878f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe

Filesize
468KB

MD5
4c7dd097832587c3334ab34aae26ec0e

SHA1
855ba0e61e59dcccd152a7bc66f6c8f44cf1c7ae

SHA256
069cfd04a2ecddf03849055b4e8c1337fec93a6655e4909baff050af921d243d

SHA512
e34c654f395cdbc780f1a67c68e7e1b622c463d3ae9945fd040a3207f94853ea8013bfc8f047993ae6633c59d39b6688176eb6fac464f5497afae9e96b3ec250

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16270.exe

Filesize
468KB

MD5
6fc0cdd33691578bacd355da235234e3

SHA1
e3c3680ebf0f3400fe35c97a31dae69533aa9c4d

SHA256
8a5926b4af3b56c669551c2cd751c89f57fdf5e68bd9f80e74775e0dfb71605b

SHA512
b825ade44e566d937f68721ab5f573c47803cc7004043b87c4a8a4daee44541da09180fceb27a90ef85fba4294c6c082887b181bc80773d302e0e042bbd9776c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1838.exe

Filesize
468KB

MD5
40756a2fd21756039fb106f5de777af2

SHA1
682fe5e68bff02db9a77425e58ae12bc2eb56989

SHA256
5f8c2c74c5d5ac800b75c382febb9b785aa651295f83bf72fb01eebeaf03190d

SHA512
eadc3a595db5a6afd0bafb7ff9040077ea66dda18e99bd59dbe1658815411c5934607ec957d3efc06324b889a92d2e47f3c28c2631268764a415fef2424495eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe

Filesize
468KB

MD5
5f36f6c183840f7dd91d723214dc36d4

SHA1
436738ec1cab3c72d6ce9bdca985f555194416d1

SHA256
17b7b539e45112abf90990c174adb5addf6e1ccbfb89e7c520b276c78150b127

SHA512
e77d2c228d49942597d328159d468f2283a5f4924a6044b0ddfe7fa26746e39c9e14b6211123acb7f70c3ec572a5a54a25195ab317cc4a0baf62385669f8b855

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe

Filesize
468KB

MD5
7702e2217ef620ac01688df74dacf33d

SHA1
4437ab8bcadff23ef9698e1cfbdc88a31db70399

SHA256
fe3042fd9d70fae23e5304c178f5ee0638d49dd25dc27137c4cbb49d354630a9

SHA512
35590fba76215177afd9c57a95785cc9fd29aa4109502564b0031bea9903ce2366c84ceb47d7352ff1cfabdb517622a2d244db38ba3d6ca5e70003a0a5412aa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30935.exe

Filesize
468KB

MD5
85c0ce55221824a87588d1f06c895019

SHA1
cdb69f7e87de1e728a80ee03cfa8b1d42eb56d58

SHA256
44ff260a2106892a1823c57d247574ea0504ed5cfecb69e20ca001d850834b66

SHA512
2bae1407aa56249664e14349ef03bd0edb2279d54a9cca2041404407feb93a980e265b821fdc64a4000b291b480b3763ed59368008a61105846947485dddcd0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe

Filesize
468KB

MD5
e987a429fa8f37fe8750ab8ae719c0b3

SHA1
30d7f76a6d76f3484d5c4a44bd287af299c65f2e

SHA256
e2077d57dc38b77faa9ccf8d807292fa75bc349f1d737ace1d74acff90fb2456

SHA512
28e664543df2e4226321a7915cbf4e76b410e9f8d02abb7eb73634fc13e42815038a5068bf1fd08bfcea34afcb2cf95050996656a19e81afe2485bdccffd8679

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40036.exe

Filesize
468KB

MD5
cedfe5886e45735458ba9735007d5fbb

SHA1
c42566c8b05ce5139cb1a1f59f3c2a4cf27bbddd

SHA256
1589f5a22fac4bf220d74fcf40c357f978606c6c1b5e6b6f87c692b6790cbc07

SHA512
7deadc472c458afca0ccda444b2eb9d0cbc3063c5f0c5b7cf1eedddac70862b181dd5e15ffa5c9abe9696155a67054b2b4d66af690a37b5e2f731af0039eff71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51355.exe

Filesize
468KB

MD5
8951606dad763926f2df0ca23c89ff10

SHA1
de4defb60512003b474e36ff1c66a16a535387a1

SHA256
98e8d76c7414ae655d56e96a7dc955bdd53537daea98ecce58195b3cfe8e394d

SHA512
446e12de3aeeab5b57ffed6e99f9890bb7d3792b7cb97cc8bf8799346e6791baadd216225042e68f38815d0a3d866464e0d7a7e6f21fcd7e6daf478134697a10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe

Filesize
468KB

MD5
935904109ee9295098d20456d5555cd2

SHA1
0e70066409e8a79aa218d6eb150405da4062b1bf

SHA256
39699c62ab6fdd5f1dc3430cc56421da24b65fbc9c588f7a97acf8890f1d7aad

SHA512
a9670c4c4dde1a8f5f59c5561edb5494a72bd425bec9b01966a45fc1a98c8f8758943f77b3a5448b23da317999f470ecee7f348af090c6a99402fad8700a042e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe

Filesize
468KB

MD5
fd1d0afdbe99d20fe8d2663b6cc9f3d2

SHA1
ccca1cfdd573ba4aa5ce80ff8fcbaa6191e55350

SHA256
06c2164644c3c274960e2b96eb4d47873e468cc8bf4691ab9e6ee181b820d785

SHA512
cc0c1a038a0892b2c58e6dd762375c64b2649c2c8a72daba1850872e6f66fa514ab21f22e94c5dca3f3c6195199d4f6d442acda82a8a14e43fa3dfac81ec9a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe

Filesize
468KB

MD5
9f4929a01b6abf18455d182704f73f32

SHA1
0ab261feb47da3e4cdab9cc7ea9cc2dfe57887f3

SHA256
dc9038e295eb9d75364039562a1098b96e91a8399bbe5d1d226292fbedb590ad

SHA512
049fc3208be23112229bd77fb53eceb9063208c1e1f87a110e93d618d4a55f57ab73a8d075cc84fcf9b3c879e6e334d057c792ea223593bb12c34568882000f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe

Filesize
468KB

MD5
621b07827a5ab4160aa654efc19bdd6b

SHA1
f83e439763e1e9cc16288adf3aa7d75a37a21c9b

SHA256
36e8bf86aa50a651c8221c2323fabb2fb8f5bd9d9fb05c383688faf3a563d234

SHA512
2a66d76565f369e809f7f09362a8d881587906a61948398d0df418511110745f02c7f4088ecf56a3a747b02b8023811dccf7a0ae8e38d2f6cfee209cd849e768

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe

Filesize
468KB

MD5
5dd1c667f34b5f50834460b6829231b4

SHA1
dbbd9eaabab45823bf1ed5d2e107eac9bed2df64

SHA256
48d5cc0496b3a17957b340c334220a1f42187d94276eede056aa508c8d9e8745

SHA512
fa99a611999d8924b9dd73b6c9bea857d1ed3e6b476494ed8c0a518a21178e9d8682dd6593d7a558eb0e6436826e728a44019321903bdecd60586e3fffed0f38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe

Filesize
468KB

MD5
116158096301b723b1b5601a46ff870c

SHA1
2d39b3c25e98fd9557ebfb2f332f04f7e0d7b212

SHA256
9128181fe8d994e4482e3893454c001992b2ef4b3421ac944a65ae0043417482

SHA512
503d5af69e47c22a2cd53f8a3a1c152d42f29ea064c9c1f01db185181d89cbceaefd538ff69044071f343b0c4db07ec9bed4807340ce54b07457668974fbdde5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe

Filesize
468KB

MD5
e55f7d8843a844f156716108b3d57760

SHA1
7d815475dd1acafa9b485a941f4cf383abd68801

SHA256
37003a225f33ef0071cb78ad04a4e2c528fcd06726d5c042d65993c8c0b7e858

SHA512
25e6bcc713cd77751f280f7c18b319e10250a1194bad33130546936d38b9d06a023a4eb3c61dadb00f978b4d2e9d39b96c34cca93dfe4482e8b655c50493bdd1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe

Filesize
468KB

MD5
40884f1a6fc812256e3c47e870e6dad5

SHA1
901c009f333e6f62fcc5d7b1b296a6dde6408ab9

SHA256
f626431bdccb8543d1090736a81fd91d67510501a3d5c7708d65851343dba920

SHA512
7ef08e5f10cd141b340e231621ffc146a5be9f5768cbc8685aac6020ed0ffb5830bb4f74664bca5348d97592eb8198abbb8f757892deb72e194652a76f333dd9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe

Filesize
468KB

MD5
63ce38745bb201e411a9b400ee5af320

SHA1
211007c38754bae4cf3495cb3fb080cd9b187bdd

SHA256
a9b92d57a3f5193937e7ca71920582275b3601cf7e479b943a1a51975b50c32a

SHA512
9e2cdc3b510688fee910ca4ddf51e8ac5e4c24c7e0366ecd5ad48bc39344304870f419da3551eaa092d93cec33965a149b12faf76522284f714ae33bf5b40aaa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe

Filesize
468KB

MD5
80ac5a810779d1356a79f924f205cd71

SHA1
eaf43c2b067b2d23719c51a4c1f66f224d65ce4e

SHA256
567b15915fd7a0f972bccaadc0f88dd6b2c0056b9358c890db078d46e4db6ed4

SHA512
2341d6fc157aa1b9d1348685a511fbb360c3ee6eb7647b4b747e848457f729069c95b92478018ac357e836c99e62cb7d670eb749ee97adb0a6cab5b1d5f06180

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe

Filesize
468KB

MD5
24e00f3a8c0b0b3e9b29a7230e038945

SHA1
c0d2e33d4c8e223ea5d6bc447fb1019c9bdceff0

SHA256
72772a5afbf7345d60f22aa879aaf233df30cd7a6f8a3fe64df41f022d63b5a6

SHA512
ace68ed1e7378c405ab797c97ca38ccf240f027a95d321d1051fd3f02cc875840f57f4908a49c34bf2ed94dd85090e29bf1d4f2a84736ba21c38ac13101658ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe

Filesize
468KB

MD5
ebb3e1d1b93e9a4c3c527477cec14aea

SHA1
d896b51bfca72bcaae51bc34f4e460be5b8882ad

SHA256
98ce3273e7b4d2cb7fb3f0b431eae2b64a36eccfd1f6f8528965fb11b07e926e

SHA512
b4cc79c3d10f5d02a438981e6908bb09e637b519b7f8796df42c945a5d03c58effb7dc39b3fd1721adf6f7cfb4055fb26c6d7193147c85f8d0ff3f234416dc20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7914.exe

Filesize
468KB

MD5
7b7723f0980e6f255dfc4d26f26e6c05

SHA1
f9d30b5122004f6c72aec88e2ecf4cc9dcd94c1b

SHA256
fb63088847827009a84850298e725a105dfa43e3d145268b4a095a619be9cef6

SHA512
ea53f4175b40ebcb35e97a07c797458d5f8efba638f897ed4f2a56a4c56da51f83ad7b5b072c4e423f0e52cb710325abf127c9e63afdd72044ee8207af713793

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe

Filesize
468KB

MD5
867659f43ee593fdf40d5b2c2486bc94

SHA1
ae1da61b9a3e47e76ff408457100493aa7b2e30a

SHA256
269b3c03a14d80be7d027e9161d6ff007f4320d01e33d7ec93c41f4ff3364118

SHA512
479de1a9e5d913a4b81b630e3d2826c0b2659f2080abf256078f7a5353d4449abae859af17f1340679da64008a073dbddce18b8e49cc25b393d2186a3992b25b

Download Submit