b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 00:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe
Size

468KB
MD5

03693459b05a03a7cf54a8702e498ce0
SHA1

7750decb2141406dda556bc987c92580b7bdee97
SHA256

b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620
SHA512

ca43c152d678e370b4bdc2df16ad09d30e6bd72e9102e2a3eb2d448c8bf41dbe0f2832fd59be0accee176047aa1778d63a26a0c60e58015fe1c3591033034ad1
SSDEEP

3072:p8ACogIdIU57EbY2PzcjYf//sChC7IagBRHQRV5MeFLLZOvFofle:p81oAc7EhP4jYfi/beeFPgvFo

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2740	Unicorn-54110.exe
2912	Unicorn-62371.exe
2608	Unicorn-54675.exe
2604	Unicorn-54812.exe
3064	Unicorn-1916.exe
484	Unicorn-8844.exe
2492	Unicorn-3695.exe
2204	Unicorn-54417.exe
2276	Unicorn-43893.exe
2940	Unicorn-48273.exe
1644	Unicorn-19226.exe
2936	Unicorn-49184.exe
2768	Unicorn-64897.exe
2948	Unicorn-43054.exe
352	Unicorn-19484.exe
2288	Unicorn-17606.exe
2440	Unicorn-11985.exe
2428	Unicorn-57657.exe
268	Unicorn-26597.exe
1064	Unicorn-11461.exe
2376	Unicorn-19411.exe
1688	Unicorn-626.exe
2468	Unicorn-15343.exe
1580	Unicorn-15343.exe
1292	Unicorn-13267.exe
2168	Unicorn-50565.exe
2040	Unicorn-59495.exe
1320	Unicorn-14819.exe
952	Unicorn-22364.exe
2664	Unicorn-8934.exe
2100	Unicorn-59652.exe
1676	Unicorn-38407.exe
888	Unicorn-42355.exe
2560	Unicorn-65293.exe
2280	Unicorn-9879.exe
2892	Unicorn-39824.exe
2612	Unicorn-49917.exe
2864	Unicorn-50457.exe
2636	Unicorn-21707.exe
3068	Unicorn-41308.exe
2616	Unicorn-41573.exe
764	Unicorn-25001.exe
528	Unicorn-30333.exe
2624	Unicorn-52206.exe
2132	Unicorn-63736.exe
2232	Unicorn-17534.exe
1904	Unicorn-23665.exe
2824	Unicorn-37370.exe
1956	Unicorn-20576.exe
1076	Unicorn-14707.exe
2128	Unicorn-14972.exe
1148	Unicorn-45543.exe
1340	Unicorn-9492.exe
2448	Unicorn-21304.exe
2196	Unicorn-30235.exe
1468	Unicorn-62755.exe
2432	Unicorn-3348.exe
1912	Unicorn-3348.exe
1840	Unicorn-12183.exe
1508	Unicorn-57855.exe
988	Unicorn-1415.exe
1360	Unicorn-50949.exe
1836	Unicorn-64114.exe
868	Unicorn-58510.exe

Loads dropped DLL 64 IoCs

pid	Process
2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe
2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe
2740	Unicorn-54110.exe
2740	Unicorn-54110.exe
2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe
2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe
2912	Unicorn-62371.exe
2912	Unicorn-62371.exe
2740	Unicorn-54110.exe
2740	Unicorn-54110.exe
2608	Unicorn-54675.exe
2608	Unicorn-54675.exe
2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe
2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe
2604	Unicorn-54812.exe
2604	Unicorn-54812.exe
2912	Unicorn-62371.exe
2912	Unicorn-62371.exe
484	Unicorn-8844.exe
484	Unicorn-8844.exe
2608	Unicorn-54675.exe
2608	Unicorn-54675.exe
3064	Unicorn-1916.exe
3064	Unicorn-1916.exe
2740	Unicorn-54110.exe
2492	Unicorn-3695.exe
2740	Unicorn-54110.exe
2492	Unicorn-3695.exe
2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe
2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe
2204	Unicorn-54417.exe
2204	Unicorn-54417.exe
2604	Unicorn-54812.exe
2604	Unicorn-54812.exe
2276	Unicorn-43893.exe
2276	Unicorn-43893.exe
2912	Unicorn-62371.exe
2912	Unicorn-62371.exe
2940	Unicorn-48273.exe
2940	Unicorn-48273.exe
484	Unicorn-8844.exe
484	Unicorn-8844.exe
2936	Unicorn-49184.exe
2936	Unicorn-49184.exe
1644	Unicorn-19226.exe
352	Unicorn-19484.exe
1644	Unicorn-19226.exe
352	Unicorn-19484.exe
2492	Unicorn-3695.exe
2492	Unicorn-3695.exe
2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe
2948	Unicorn-43054.exe
2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe
2948	Unicorn-43054.exe
2768	Unicorn-64897.exe
3064	Unicorn-1916.exe
3064	Unicorn-1916.exe
2768	Unicorn-64897.exe
2740	Unicorn-54110.exe
2740	Unicorn-54110.exe
2608	Unicorn-54675.exe
2608	Unicorn-54675.exe
2288	Unicorn-17606.exe
2288	Unicorn-17606.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2872	1592	WerFault.exe	109
5276	2396	WerFault.exe	126

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59495.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe
2740	Unicorn-54110.exe
2912	Unicorn-62371.exe
2608	Unicorn-54675.exe
2604	Unicorn-54812.exe
3064	Unicorn-1916.exe
484	Unicorn-8844.exe
2492	Unicorn-3695.exe
2204	Unicorn-54417.exe
2276	Unicorn-43893.exe
2940	Unicorn-48273.exe
2948	Unicorn-43054.exe
2936	Unicorn-49184.exe
2768	Unicorn-64897.exe
1644	Unicorn-19226.exe
352	Unicorn-19484.exe
2288	Unicorn-17606.exe
2428	Unicorn-57657.exe
2440	Unicorn-11985.exe
268	Unicorn-26597.exe
1064	Unicorn-11461.exe
2376	Unicorn-19411.exe
2468	Unicorn-15343.exe
1688	Unicorn-626.exe
1580	Unicorn-15343.exe
2168	Unicorn-50565.exe
1292	Unicorn-13267.exe
1320	Unicorn-14819.exe
2040	Unicorn-59495.exe
952	Unicorn-22364.exe
2664	Unicorn-8934.exe
2100	Unicorn-59652.exe
1676	Unicorn-38407.exe
888	Unicorn-42355.exe
2560	Unicorn-65293.exe
2280	Unicorn-9879.exe
2892	Unicorn-39824.exe
2612	Unicorn-49917.exe
2864	Unicorn-50457.exe
3068	Unicorn-41308.exe
2636	Unicorn-21707.exe
2616	Unicorn-41573.exe
764	Unicorn-25001.exe
528	Unicorn-30333.exe
2824	Unicorn-37370.exe
2232	Unicorn-17534.exe
2132	Unicorn-63736.exe
2624	Unicorn-52206.exe
1904	Unicorn-23665.exe
1956	Unicorn-20576.exe
1076	Unicorn-14707.exe
2128	Unicorn-14972.exe
1148	Unicorn-45543.exe
1340	Unicorn-9492.exe
2448	Unicorn-21304.exe
2196	Unicorn-30235.exe
1468	Unicorn-62755.exe
2432	Unicorn-3348.exe
1912	Unicorn-3348.exe
1840	Unicorn-12183.exe
1508	Unicorn-57855.exe
988	Unicorn-1415.exe
1360	Unicorn-50949.exe
1836	Unicorn-64114.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 2740	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	30
PID 2852 wrote to memory of 2740	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	30
PID 2852 wrote to memory of 2740	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	30
PID 2852 wrote to memory of 2740	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	30
PID 2740 wrote to memory of 2912	2740	Unicorn-54110.exe	31
PID 2740 wrote to memory of 2912	2740	Unicorn-54110.exe	31
PID 2740 wrote to memory of 2912	2740	Unicorn-54110.exe	31
PID 2740 wrote to memory of 2912	2740	Unicorn-54110.exe	31
PID 2852 wrote to memory of 2608	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	32
PID 2852 wrote to memory of 2608	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	32
PID 2852 wrote to memory of 2608	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	32
PID 2852 wrote to memory of 2608	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	32
PID 2912 wrote to memory of 2604	2912	Unicorn-62371.exe	33
PID 2912 wrote to memory of 2604	2912	Unicorn-62371.exe	33
PID 2912 wrote to memory of 2604	2912	Unicorn-62371.exe	33
PID 2912 wrote to memory of 2604	2912	Unicorn-62371.exe	33
PID 2740 wrote to memory of 3064	2740	Unicorn-54110.exe	34
PID 2740 wrote to memory of 3064	2740	Unicorn-54110.exe	34
PID 2740 wrote to memory of 3064	2740	Unicorn-54110.exe	34
PID 2740 wrote to memory of 3064	2740	Unicorn-54110.exe	34
PID 2608 wrote to memory of 484	2608	Unicorn-54675.exe	35
PID 2608 wrote to memory of 484	2608	Unicorn-54675.exe	35
PID 2608 wrote to memory of 484	2608	Unicorn-54675.exe	35
PID 2608 wrote to memory of 484	2608	Unicorn-54675.exe	35
PID 2852 wrote to memory of 2492	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	36
PID 2852 wrote to memory of 2492	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	36
PID 2852 wrote to memory of 2492	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	36
PID 2852 wrote to memory of 2492	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	36
PID 2604 wrote to memory of 2204	2604	Unicorn-54812.exe	37
PID 2604 wrote to memory of 2204	2604	Unicorn-54812.exe	37
PID 2604 wrote to memory of 2204	2604	Unicorn-54812.exe	37
PID 2604 wrote to memory of 2204	2604	Unicorn-54812.exe	37
PID 2912 wrote to memory of 2276	2912	Unicorn-62371.exe	38
PID 2912 wrote to memory of 2276	2912	Unicorn-62371.exe	38
PID 2912 wrote to memory of 2276	2912	Unicorn-62371.exe	38
PID 2912 wrote to memory of 2276	2912	Unicorn-62371.exe	38
PID 484 wrote to memory of 2940	484	Unicorn-8844.exe	39
PID 484 wrote to memory of 2940	484	Unicorn-8844.exe	39
PID 484 wrote to memory of 2940	484	Unicorn-8844.exe	39
PID 484 wrote to memory of 2940	484	Unicorn-8844.exe	39
PID 2608 wrote to memory of 2768	2608	Unicorn-54675.exe	40
PID 2608 wrote to memory of 2768	2608	Unicorn-54675.exe	40
PID 2608 wrote to memory of 2768	2608	Unicorn-54675.exe	40
PID 2608 wrote to memory of 2768	2608	Unicorn-54675.exe	40
PID 3064 wrote to memory of 1644	3064	Unicorn-1916.exe	41
PID 3064 wrote to memory of 1644	3064	Unicorn-1916.exe	41
PID 3064 wrote to memory of 1644	3064	Unicorn-1916.exe	41
PID 3064 wrote to memory of 1644	3064	Unicorn-1916.exe	41
PID 2740 wrote to memory of 2948	2740	Unicorn-54110.exe	42
PID 2740 wrote to memory of 2948	2740	Unicorn-54110.exe	42
PID 2740 wrote to memory of 2948	2740	Unicorn-54110.exe	42
PID 2740 wrote to memory of 2948	2740	Unicorn-54110.exe	42
PID 2492 wrote to memory of 2936	2492	Unicorn-3695.exe	43
PID 2492 wrote to memory of 2936	2492	Unicorn-3695.exe	43
PID 2492 wrote to memory of 2936	2492	Unicorn-3695.exe	43
PID 2492 wrote to memory of 2936	2492	Unicorn-3695.exe	43
PID 2852 wrote to memory of 352	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	44
PID 2852 wrote to memory of 352	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	44
PID 2852 wrote to memory of 352	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	44
PID 2852 wrote to memory of 352	2852	b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe	44
PID 2204 wrote to memory of 2288	2204	Unicorn-54417.exe	45
PID 2204 wrote to memory of 2288	2204	Unicorn-54417.exe	45
PID 2204 wrote to memory of 2288	2204	Unicorn-54417.exe	45
PID 2204 wrote to memory of 2288	2204	Unicorn-54417.exe	45

C:\Users\Admin\AppData\Local\Temp\b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe
"C:\Users\Admin\AppData\Local\Temp\b0597599e3a43f4cb55486e17ebc004ea7e3081129810951a4da9b90c70fe620N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62371.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38407.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50949.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
        9⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        10⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
        10⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
        10⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        9⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        9⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3848.exe
        8⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        7⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        7⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58510.exe
        7⤵
        Executes dropped EXE
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39473.exe
        9⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
        8⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20859.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        7⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42971.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60984.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
        6⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58478.exe
        6⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        6⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28011.exe
        6⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33815.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        7⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
        6⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        6⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52890.exe
        6⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29088.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12894.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
        7⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        6⤵
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24084.exe
        5⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        6⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49331.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6791.exe
        5⤵
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43893.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12462.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61014.exe
        8⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        7⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
        7⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe
        6⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        7⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        7⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        7⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
        6⤵
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        6⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
        6⤵
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61034.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45223.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        6⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        5⤵
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
        5⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
        5⤵
        
        PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
        6⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        7⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
        7⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        7⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        6⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
        6⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45197.exe
        5⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        6⤵
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        6⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        6⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
        5⤵
        
        PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26307.exe
        5⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57301.exe
        6⤵
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15979.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46444.exe
        5⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        5⤵
        
        PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
      4⤵
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
        5⤵
        
        PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
      4⤵
      PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16778.exe
      4⤵
      PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
      4⤵
      PID:5844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12183.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        7⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
        7⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11407.exe
        6⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29423.exe
        6⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        6⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46629.exe
        6⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        6⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        5⤵
        
        PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30333.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        6⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        6⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        6⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
        5⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26151.exe
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42021.exe
        6⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        5⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        5⤵
        
        PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17534.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
        6⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40579.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        6⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        5⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        5⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
        5⤵
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
      4⤵
      PID:2396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        5⤵
        Program crash
        
        PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
      4⤵
      PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
      4⤵
      PID:5448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59495.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
        6⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        5⤵
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64321.exe
        5⤵
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
      4⤵
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15362.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        5⤵
        
        PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
      4⤵
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58478.exe
      4⤵
      PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        5⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
        5⤵
        
        PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
      4⤵
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
      4⤵
      PID:5600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
      4⤵
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        5⤵
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        5⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        5⤵
        
        PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
      4⤵
      PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
      4⤵
      PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
      4⤵
      PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
      4⤵
      PID:5408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
      4⤵
      PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
      4⤵
      PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
      4⤵
      PID:6124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
    3⤵
    PID:1704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
    3⤵
    PID:3364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
    3⤵
    PID:4492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
    3⤵
    PID:5700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48273.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55260.exe
        7⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
        8⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28450.exe
        8⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
        7⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        6⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
        7⤵
        Program crash
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        6⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        6⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23945.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        7⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe
        7⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        6⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29423.exe
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21817.exe
        5⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
        6⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
        6⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
        5⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52340.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
        5⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61142.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
        7⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51017.exe
        6⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        6⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46104.exe
        5⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        6⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        6⤵
        
        PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        5⤵
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
        5⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        5⤵
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
        5⤵
        
        PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11687.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        5⤵
        
        PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1048.exe
      4⤵
      PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe
      4⤵
      PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
      4⤵
      PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
      4⤵
      PID:5728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14972.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe
        6⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25422.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        6⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58126.exe
        5⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39575.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17095.exe
        5⤵
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45543.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        5⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26236.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        5⤵
        
        PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
      4⤵
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
        5⤵
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
      4⤵
      PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
      4⤵
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
      4⤵
      PID:5524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37370.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
        5⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9232.exe
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
        5⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        5⤵
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
      4⤵
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        5⤵
        
        PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
      4⤵
      PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
      4⤵
      PID:5372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14707.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
      4⤵
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        5⤵
        
        PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
      4⤵
      PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
      4⤵
      PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
      4⤵
      PID:5708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
    3⤵
    PID:1516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
    3⤵
    PID:3632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe
    3⤵
    PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
    3⤵
    PID:5848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-626.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        6⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
        7⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42035.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        6⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10196.exe
        6⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
        5⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2172.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        6⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33369.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3027.exe
        5⤵
        
        PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        5⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        5⤵
        
        PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
      4⤵
      PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13267.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30235.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        5⤵
        
        PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42035.exe
        5⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        5⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
      4⤵
      PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
      4⤵
      PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
      4⤵
      PID:5624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62755.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
      4⤵
      PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
    3⤵
    PID:2264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
    3⤵
    PID:3928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2407.exe
    3⤵
    PID:5012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
    3⤵
    PID:5260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
        5⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54958.exe
        6⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42035.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        5⤵
        
        PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
      4⤵
      PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
      4⤵
      PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
      4⤵
      PID:5352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20576.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
      4⤵
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54958.exe
        5⤵
        
        PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
      4⤵
      PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36457.exe
      4⤵
      PID:4428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
    3⤵
    PID:2944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe
    3⤵
    PID:300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
    3⤵
    PID:4984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11836.exe
    3⤵
    PID:5200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52206.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
      4⤵
      PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
      4⤵
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
      4⤵
      PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
      4⤵
      PID:5932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65464.exe
    3⤵
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
      4⤵
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15362.exe
        5⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        5⤵
        
        PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25422.exe
      4⤵
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
      4⤵
      PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
      4⤵
      PID:5132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
    3⤵
    PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
    3⤵
    PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
    3⤵
    PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
    3⤵
    PID:5492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
      4⤵
      PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62946.exe
      4⤵
      PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
      4⤵
      PID:5572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
    3⤵
    PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
    3⤵
    PID:2980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
    3⤵
    PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
    3⤵
    PID:5344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6505.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6505.exe
  2⤵
  PID:1604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe
    3⤵
    PID:1796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
    3⤵
    PID:3936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
    3⤵
    PID:4648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
    3⤵
    PID:6108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
  2⤵
  PID:3188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
  2⤵
  PID:4424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe

Filesize
468KB

MD5
0c429d9685bf70029e20494504ef9bea

SHA1
70e195e689f87d2b8cec3554db5bb4b71a9c9c82

SHA256
b62a4d981432479b16e5fdbf793af23761500a0c8acb7b4bb22c40e2c823cb87

SHA512
07c5cf8a036af8e2a0f6c2d70bce87f435b89a5e832830256df59925f5ae33f42b0acf67f8457903f13903b92d7938a048104dcf81a464690c1ad8c4134043d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe

Filesize
468KB

MD5
c3e03476520226b40b880e9680146c00

SHA1
1f3f8e17c2a61d01952bc25f67802152315b94c9

SHA256
2f449bc3af0453e6481a80596fa51f59bb2add415d59c6dcadd0695256199dfe

SHA512
3fec0fe8a3780ac7666acd07942b955f16e68e73cbb09a58e1a6f1b4962e4396ddb917111190d0f5713ec486621fa7d1ca2ee7df682558fb5000de08bf01ed8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe

Filesize
468KB

MD5
9a9aebc8c8e0e138352753563bf41ae6

SHA1
c8842c09b10cd37cb154d0b7fea568e56bc13e6e

SHA256
51fed555b08bfbf54d729a74bb4f5abc49b454c82d0e690ad39d68d63305d68f

SHA512
9968fb111e22d98bb7cbe82fa257a88bf54c95571775f8de3bd773b39fa243a27c1bfc1293a84e6109bfa653ef532c4e10b58f39a7535c48520b3673f1380a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe

Filesize
468KB

MD5
9416802f0cd0b141e43e7f0519aaba63

SHA1
f0cdbf48d9181284c02d5fedb5fac06e14278641

SHA256
791bca2df7e5025cc612a444b4968418c8d93271e5c8ac0692c09cb5e0607a44

SHA512
bad378213d88f3e44c4a77fb09683df21916fe36a81ccdf851cc86144697ecba74421656cb40ed107b55531c8f685c2cd009b8a6e2cd49af84df0d4abd137df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe

Filesize
468KB

MD5
9ca7c9c243ef47b3e0dbdaff9a32169d

SHA1
4a79d669e4f95f2e08129f6a9eb5d127959da235

SHA256
28c252c472df9b23ea8b79e87aa3a734eeb73af318f6f685c3591507e45199f5

SHA512
c169905b002a20e5f394c6c6875e168aa94bdc5d84296ef32b516e97c1c18000c88809542b2433226ea7792764050460c77a7e78ec4319ad70040562b04dcc79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43893.exe

Filesize
468KB

MD5
a1a77b1e0dea778567927e147c2aa342

SHA1
e6c25b2fa4b9ee78e9dc899e7aa387a829b20c04

SHA256
3f5f6f04a527cbd1d6bf08409d62c79c742b03db23bddb0033874c712d6430a7

SHA512
615d0439c4bf0dfaf4c02862fa9303817663ab125ff4f129a75d421552d902b4badea0deb8e7e4a3da4afc157f7033e7225a02082431f0bc2d0857bafc7a8815

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe

Filesize
468KB

MD5
e2bd1bb52d5a44026500c2dc4f5da1c8

SHA1
8b7fa6848ba16fbecdf160fcc2f8a54fa1a33dd6

SHA256
cb246a2eb02f37d991437ceac577d0cb0e50cb3946a503d245ee16db98f7abea

SHA512
e5b1764619e5a82002e141a2e66d03837ea66f9b299f6aa9f016c8241068ba3df0937d5f4549c7cf462556bca8f1a7dba8273b0b55276ffbf64fceadc7f7bc29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe

Filesize
468KB

MD5
83efa5fcb01287d8fb9006a29cdcd206

SHA1
45eb318452f1990c9bc21ecde659cca576e75af1

SHA256
bbda05ae49feda255162adb14670e4d3d4927687d7ae09b2ab3ca9ff0bfe61b7

SHA512
aa059dc3a5cf9540ec4ceac464465166e0c550dfcc5e2ed9b052f85c0f009fdf92d19d77ef5933893fc3b375cc607f07516c32891f41bf84a8b53054d1703953

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe

Filesize
468KB

MD5
967e1f9f8ebc70cc6027316da265720d

SHA1
c401bd90967005c49e689209c54f74f4c47d4331

SHA256
57eb81d3b6cfa1c0f7b00ba454f268f870ed089ec2086c1e29b5424f7350f687

SHA512
7cee87852f4dfb18e0ed6bfc8afae95dad5a1e71fd56546c2e7d87d1899544a9969aa5b0ce9d4a96846fc2441313545999ea94297c9369be3a4da15c100e7530

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe

Filesize
468KB

MD5
dd02a790c0ddd6f6fa3b59aa12481295

SHA1
02e969cf9942ff19c61053e5899cf67794a75f66

SHA256
122e43880a316da3f1c7ee2ae349e35010ca0363ffaea0cc52eddf1a6e50d22e

SHA512
640d51ad63a2f525583f2e0f263fd92c2e91d7bc5a39e789b10e43528f7386afd16f46aaff613334800210bee0fe5d7cf20246e3e2b7e7030b0dfbea5c225bd2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe

Filesize
468KB

MD5
9a605c9a3342d8bdfd18c75060c98f50

SHA1
c54e9ccc62ff54767c167886d301ca37e8f60cd8

SHA256
6d46e66168b050448dcbd8fe79e3cfa50fbc0346039e99b58d64f7b5aba251b8

SHA512
740aa85aa0364854b969471d969fc559a4515da47c547eb0167f18b9d62f50f436a2f922ef432cd207a2704f16c96f9534ae95fb102c03f6f17225207746ae0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe

Filesize
468KB

MD5
21ede4b5caad92a8034c6f293a4f1941

SHA1
6b7ca21db682fb42c1e09595e5c7f15acfd96525

SHA256
4799277fc1f218f7ca23565144748cf116670f33e5f7d42b3455e042b44fb7b5

SHA512
f8f0e97617f6464d83b30d04dc247e0e69c50ec534405573967a3361b14cecb3f69adaf8a40640855ec84cc28e0cec3691eef3b45eaaf9d6136f11978df145f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe

Filesize
468KB

MD5
10e179c62c0ce41680e0a0e16dca4e6b

SHA1
2ac223a9e315c90842424eec4bf98b3338131bf3

SHA256
8ba4b87763a8b128b20504b98f531fe831c5549b5ac9b3699ea4155ae3988c66

SHA512
98ec15a783567b0b201d1f5c2747f661273b69019999663c4dc5016dda1d108f089696c02bdcc578cd0821963c36748bca7c6c6024942cd09945cd8267085269

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe

Filesize
468KB

MD5
6ec81b455e5fd5f89685df5328c1f1d8

SHA1
b176534b748d88c2272a1edbd9f46187a0c6aac7

SHA256
66d89eb3140722401560327eea89dd1009490574d1b9ab759ebd2e230ce38c64

SHA512
8a2c4879e5135e4cc9bf696e596f7a6dbcce087c9390bdd636d39cd495a8c83d71e523f02efaa2cf65c0f7b2403e9751ab70fddfc08f4161d5f06428e3b36890

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe

Filesize
468KB

MD5
a4c5f73abc239cc3d31cae796d1556e7

SHA1
1f753fe2342202181f4d141b5795a27aa0231957

SHA256
4eaa69c2c59dab21c1533a1a1e88226e3c924455b2d3184fc8fac590f545e0e9

SHA512
c39cbcaa670748c886b08f537475f249cf06073fecb17606060a5f625793d10434ea56badf6a343b73bf7fbf31b4709051db772d5689798e008b3e75739bda3a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe

Filesize
468KB

MD5
b77aebf550033b7991020857b55a2932

SHA1
ebbc98358fc7133acb0cc6aee2f0e6caf45b0383

SHA256
4d5cc48d04b20adb1e1477785c1f91098be8fd1b19dde5cab5dc6a565435101b

SHA512
c5d8578413ebf8d6f3046527291197d0227bf3b0f8cace3b53f9f08dded87d65ca0e01f2a7a7e2df642ac86f34f2828463a40a6009df2fc8325ecdb46c514892

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48273.exe

Filesize
468KB

MD5
c7296f5f0a3291e51010b6e2907b583c

SHA1
82b622582bace5ace87c888419a1b0b60cf1817d

SHA256
65322fa4e7ba3491ba9a03533b507e09a3e0e0ccef7fe4aa6903e83d74098a77

SHA512
fbdc015a421ff0ab8f75e9b0da8ab873d0e65278e23c19c89009a241b32ade45a5287f4ec8b3ead94cd356fca9c13ae31608bd1fa771e5966471df4a5ac57b53

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe

Filesize
468KB

MD5
b296a6d91067a85e53a88c1eb9d85277

SHA1
f343d85a24ef0f127add7dcd27312ab841882adb

SHA256
c1206cea428079205ea7a9ccfb67eb89b6f8b5905f8bba6478c4d023fa39b936

SHA512
ed237d0233160a6f14a71147c613a786ff6a191b9a4265796fd8f50d7a663a564e5b1a0404aa0af71b46cd067f2319fafee6a3bf8f85e2e3d5dedb5d23a76b97

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe

Filesize
468KB

MD5
d8605ef7bb821615de2aac85c3223bd8

SHA1
b11b5d54b0fbc43094cfa566796eafcd9cec8ea0

SHA256
e39d1a69d61d3f2ef3213cefbe7a7cf9f9a8f57a12616452aa403a1563571a8a

SHA512
f8e0c8e28ea00d3fcbab215d74afbb6ea915007888560e804432d0d05b747f81f351ffa61d58941e2e2266e31f5401ae1aed9ca6ba53c1c5a8fb1f9a84f07484

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe

Filesize
468KB

MD5
3c97efb40ba3e8fd6ff3c9232ae991f7

SHA1
ec6ffb6acd409ed8795e4731156de2feb4496ecd

SHA256
29ae40c2b28e80ce92c8a48c5e677f7b01dfb0b77bf3753b758d778bbe0bcfc6

SHA512
5e85d1e9d1a9a36401c398690e5fb86e9cc1932afdc53b466eb5d6cba284279ee72e2103eba9b59a2555e1a49bbea45ad7428e24e25d8af27b57e7e1b5536b5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe

Filesize
468KB

MD5
16ae747c04864fe735476e5d53b4cf3d

SHA1
0533ddd8b9a0da7ad419c3c25b98f57eccbdf915

SHA256
706a03a87516d5a265ed0b6115e78ef09d17a292dda55af60c521bc470580de1

SHA512
cc1d631ff24cda0fd307cf8fb813d056384eafe742279d7b2e43de97fe3b30375ad00655fa4b078e92ff7f84aea3062abd7b680664c427314f0164d1805b88d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62371.exe

Filesize
468KB

MD5
9b7f789538dbfcbc980b1e3f9a0164ba

SHA1
46f0db63daf76193f51410d0be53e67abc9e963f

SHA256
a62801ed3418d46fd201fb8fafda001147847c4026fc27ec2254a4cf03fda4b7

SHA512
05c4fe1d42f47981dd91e98ddd91ae9ae079969f5b0fe1b27e61616411b539388888764d80b3b4087bee29604a2b7cf7128b144115ad11f1606c7df9a34f6158

Download Submit