b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04fe

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe
Size

468KB
MD5

1b818c8f45046e01d3dab6f2f4978940
SHA1

7c65ff50ad44696f23072584435feed76da32e43
SHA256

b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04fe
SHA512

14a673aebcd78e99ee8aa2bd8c1588bce209e95b1b7ba13801152ef638a037cd6fd59d3af964932463d9021807284224b39d9772589ae160e42b09ef169262b2
SSDEEP

3072:1bACogIdj05U4bYJP0Njff8/ECYFtIpCnmHeAVp+pAK3VpPVRGld:1b1or8U4OPojffh0orpAIHPVR

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2784	Unicorn-38082.exe
2684	Unicorn-49592.exe
2420	Unicorn-53121.exe
2592	Unicorn-40236.exe
2596	Unicorn-49181.exe
2988	Unicorn-3842.exe
1528	Unicorn-55311.exe
2368	Unicorn-19243.exe
884	Unicorn-37810.exe
1520	Unicorn-40898.exe
896	Unicorn-31560.exe
2616	Unicorn-7649.exe
2440	Unicorn-56850.exe
2860	Unicorn-52937.exe
592	Unicorn-52937.exe
2204	Unicorn-63918.exe
2184	Unicorn-903.exe
444	Unicorn-37598.exe
1104	Unicorn-40702.exe
1612	Unicorn-65200.exe
1140	Unicorn-65200.exe
1296	Unicorn-65200.exe
2504	Unicorn-48864.exe
2628	Unicorn-2086.exe
1644	Unicorn-48023.exe
2732	Unicorn-31686.exe
1240	Unicorn-61566.exe
1936	Unicorn-2159.exe
2512	Unicorn-28701.exe
2300	Unicorn-34832.exe
2336	Unicorn-47447.exe
2940	Unicorn-46093.exe
2168	Unicorn-12652.exe
904	Unicorn-20690.exe
1596	Unicorn-1177.exe
2064	Unicorn-7307.exe
2804	Unicorn-20114.exe
2680	Unicorn-8542.exe
2856	Unicorn-32770.exe
2884	Unicorn-24111.exe
2544	Unicorn-10981.exe
2540	Unicorn-63711.exe
2560	Unicorn-14510.exe
304	Unicorn-42885.exe
2980	Unicorn-42885.exe
2636	Unicorn-35398.exe
2128	Unicorn-51734.exe
1692	Unicorn-51469.exe
708	Unicorn-18486.exe
2292	Unicorn-64157.exe
2852	Unicorn-9171.exe
596	Unicorn-17033.exe
1372	Unicorn-62407.exe
264	Unicorn-48672.exe
1348	Unicorn-19337.exe
1568	Unicorn-19337.exe
2404	Unicorn-62616.exe
2096	Unicorn-56486.exe
1096	Unicorn-62351.exe
2364	Unicorn-42750.exe
1880	Unicorn-64327.exe
568	Unicorn-20235.exe
1400	Unicorn-32465.exe
796	Unicorn-3322.exe

Loads dropped DLL 64 IoCs

pid	Process
2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe
2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe
2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe
2784	Unicorn-38082.exe
2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe
2784	Unicorn-38082.exe
2684	Unicorn-49592.exe
2684	Unicorn-49592.exe
2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe
2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe
2784	Unicorn-38082.exe
2784	Unicorn-38082.exe
2420	Unicorn-53121.exe
2420	Unicorn-53121.exe
2596	Unicorn-49181.exe
2596	Unicorn-49181.exe
2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe
2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe
2988	Unicorn-3842.exe
2988	Unicorn-3842.exe
2784	Unicorn-38082.exe
2784	Unicorn-38082.exe
1528	Unicorn-55311.exe
2592	Unicorn-40236.exe
1528	Unicorn-55311.exe
2420	Unicorn-53121.exe
2592	Unicorn-40236.exe
2420	Unicorn-53121.exe
2684	Unicorn-49592.exe
2684	Unicorn-49592.exe
2368	Unicorn-19243.exe
2368	Unicorn-19243.exe
2596	Unicorn-49181.exe
2596	Unicorn-49181.exe
884	Unicorn-37810.exe
884	Unicorn-37810.exe
2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe
2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe
1520	Unicorn-40898.exe
896	Unicorn-31560.exe
2616	Unicorn-7649.exe
1520	Unicorn-40898.exe
896	Unicorn-31560.exe
2616	Unicorn-7649.exe
2860	Unicorn-52937.exe
2860	Unicorn-52937.exe
2988	Unicorn-3842.exe
2784	Unicorn-38082.exe
2784	Unicorn-38082.exe
2988	Unicorn-3842.exe
1528	Unicorn-55311.exe
1528	Unicorn-55311.exe
2420	Unicorn-53121.exe
2420	Unicorn-53121.exe
592	Unicorn-52937.exe
592	Unicorn-52937.exe
2684	Unicorn-49592.exe
2684	Unicorn-49592.exe
2440	Unicorn-56850.exe
2440	Unicorn-56850.exe
2592	Unicorn-40236.exe
2592	Unicorn-40236.exe
2204	Unicorn-63918.exe
2204	Unicorn-63918.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3792	1084	WerFault.exe	120
5508	3032	WerFault.exe	121

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10044.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3471.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe
2784	Unicorn-38082.exe
2420	Unicorn-53121.exe
2684	Unicorn-49592.exe
2596	Unicorn-49181.exe
1528	Unicorn-55311.exe
2988	Unicorn-3842.exe
2592	Unicorn-40236.exe
2368	Unicorn-19243.exe
884	Unicorn-37810.exe
2440	Unicorn-56850.exe
1520	Unicorn-40898.exe
2616	Unicorn-7649.exe
896	Unicorn-31560.exe
592	Unicorn-52937.exe
2860	Unicorn-52937.exe
2204	Unicorn-63918.exe
2184	Unicorn-903.exe
444	Unicorn-37598.exe
1104	Unicorn-40702.exe
1612	Unicorn-65200.exe
1296	Unicorn-65200.exe
1140	Unicorn-65200.exe
2504	Unicorn-48864.exe
1644	Unicorn-48023.exe
2628	Unicorn-2086.exe
2732	Unicorn-31686.exe
1240	Unicorn-61566.exe
1936	Unicorn-2159.exe
2512	Unicorn-28701.exe
2300	Unicorn-34832.exe
2336	Unicorn-47447.exe
2940	Unicorn-46093.exe
2168	Unicorn-12652.exe
904	Unicorn-20690.exe
1596	Unicorn-1177.exe
2804	Unicorn-20114.exe
2680	Unicorn-8542.exe
2856	Unicorn-32770.exe
2884	Unicorn-24111.exe
2544	Unicorn-10981.exe
2540	Unicorn-63711.exe
2560	Unicorn-14510.exe
304	Unicorn-42885.exe
2980	Unicorn-42885.exe
2636	Unicorn-35398.exe
1692	Unicorn-51469.exe
2128	Unicorn-51734.exe
708	Unicorn-18486.exe
2292	Unicorn-64157.exe
2852	Unicorn-9171.exe
596	Unicorn-17033.exe
264	Unicorn-48672.exe
1568	Unicorn-19337.exe
1372	Unicorn-62407.exe
1348	Unicorn-19337.exe
2096	Unicorn-56486.exe
1096	Unicorn-62351.exe
2404	Unicorn-62616.exe
2364	Unicorn-42750.exe
1880	Unicorn-64327.exe
568	Unicorn-20235.exe
1400	Unicorn-32465.exe
796	Unicorn-3322.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2784	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	30
PID 2660 wrote to memory of 2784	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	30
PID 2660 wrote to memory of 2784	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	30
PID 2660 wrote to memory of 2784	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	30
PID 2660 wrote to memory of 2684	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	32
PID 2660 wrote to memory of 2684	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	32
PID 2660 wrote to memory of 2684	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	32
PID 2660 wrote to memory of 2684	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	32
PID 2784 wrote to memory of 2420	2784	Unicorn-38082.exe	31
PID 2784 wrote to memory of 2420	2784	Unicorn-38082.exe	31
PID 2784 wrote to memory of 2420	2784	Unicorn-38082.exe	31
PID 2784 wrote to memory of 2420	2784	Unicorn-38082.exe	31
PID 2684 wrote to memory of 2592	2684	Unicorn-49592.exe	33
PID 2684 wrote to memory of 2592	2684	Unicorn-49592.exe	33
PID 2684 wrote to memory of 2592	2684	Unicorn-49592.exe	33
PID 2684 wrote to memory of 2592	2684	Unicorn-49592.exe	33
PID 2660 wrote to memory of 2596	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	34
PID 2660 wrote to memory of 2596	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	34
PID 2660 wrote to memory of 2596	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	34
PID 2660 wrote to memory of 2596	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	34
PID 2784 wrote to memory of 2988	2784	Unicorn-38082.exe	35
PID 2784 wrote to memory of 2988	2784	Unicorn-38082.exe	35
PID 2784 wrote to memory of 2988	2784	Unicorn-38082.exe	35
PID 2784 wrote to memory of 2988	2784	Unicorn-38082.exe	35
PID 2420 wrote to memory of 1528	2420	Unicorn-53121.exe	36
PID 2420 wrote to memory of 1528	2420	Unicorn-53121.exe	36
PID 2420 wrote to memory of 1528	2420	Unicorn-53121.exe	36
PID 2420 wrote to memory of 1528	2420	Unicorn-53121.exe	36
PID 2596 wrote to memory of 2368	2596	Unicorn-49181.exe	37
PID 2596 wrote to memory of 2368	2596	Unicorn-49181.exe	37
PID 2596 wrote to memory of 2368	2596	Unicorn-49181.exe	37
PID 2596 wrote to memory of 2368	2596	Unicorn-49181.exe	37
PID 2660 wrote to memory of 884	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	38
PID 2660 wrote to memory of 884	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	38
PID 2660 wrote to memory of 884	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	38
PID 2660 wrote to memory of 884	2660	b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe	38
PID 2988 wrote to memory of 1520	2988	Unicorn-3842.exe	39
PID 2988 wrote to memory of 1520	2988	Unicorn-3842.exe	39
PID 2988 wrote to memory of 1520	2988	Unicorn-3842.exe	39
PID 2988 wrote to memory of 1520	2988	Unicorn-3842.exe	39
PID 2784 wrote to memory of 896	2784	Unicorn-38082.exe	40
PID 2784 wrote to memory of 896	2784	Unicorn-38082.exe	40
PID 2784 wrote to memory of 896	2784	Unicorn-38082.exe	40
PID 2784 wrote to memory of 896	2784	Unicorn-38082.exe	40
PID 1528 wrote to memory of 2616	1528	Unicorn-55311.exe	42
PID 1528 wrote to memory of 2616	1528	Unicorn-55311.exe	42
PID 1528 wrote to memory of 2616	1528	Unicorn-55311.exe	42
PID 1528 wrote to memory of 2616	1528	Unicorn-55311.exe	42
PID 2592 wrote to memory of 2440	2592	Unicorn-40236.exe	41
PID 2592 wrote to memory of 2440	2592	Unicorn-40236.exe	41
PID 2592 wrote to memory of 2440	2592	Unicorn-40236.exe	41
PID 2592 wrote to memory of 2440	2592	Unicorn-40236.exe	41
PID 2420 wrote to memory of 2860	2420	Unicorn-53121.exe	43
PID 2420 wrote to memory of 2860	2420	Unicorn-53121.exe	43
PID 2420 wrote to memory of 2860	2420	Unicorn-53121.exe	43
PID 2420 wrote to memory of 2860	2420	Unicorn-53121.exe	43
PID 2684 wrote to memory of 592	2684	Unicorn-49592.exe	44
PID 2684 wrote to memory of 592	2684	Unicorn-49592.exe	44
PID 2684 wrote to memory of 592	2684	Unicorn-49592.exe	44
PID 2684 wrote to memory of 592	2684	Unicorn-49592.exe	44
PID 2368 wrote to memory of 2204	2368	Unicorn-19243.exe	45
PID 2368 wrote to memory of 2204	2368	Unicorn-19243.exe	45
PID 2368 wrote to memory of 2204	2368	Unicorn-19243.exe	45
PID 2368 wrote to memory of 2204	2368	Unicorn-19243.exe	45

C:\Users\Admin\AppData\Local\Temp\b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe
"C:\Users\Admin\AppData\Local\Temp\b1403df9e35c6026bc4a29879b8757fab73bc7873a2dcf04ecc51e19f7fa04feN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53121.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24111.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
        8⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        8⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        8⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        8⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        8⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        8⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3741.exe
        7⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        7⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
        7⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3142.exe
        7⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
        6⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        6⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        6⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31686.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        7⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        7⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        7⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40491.exe
        6⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4620.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17550.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        6⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
        6⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        6⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        6⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        6⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
        5⤵
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        5⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        5⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        5⤵
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48864.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63711.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
        8⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        7⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        7⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
        6⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38445.exe
        7⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        7⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        6⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50709.exe
        6⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        6⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26797.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
        7⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
        7⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        6⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        6⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
        6⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
        5⤵
        
        PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59068.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        5⤵
        
        PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
        6⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19958.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        7⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        7⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        6⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        6⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        6⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        6⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33625.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        5⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20276.exe
        5⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        5⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        5⤵
        
        PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62351.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1738.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        6⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        6⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        5⤵
        
        PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5132.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        5⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36582.exe
        5⤵
        
        PID:6616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51429.exe
      4⤵
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
        5⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        5⤵
        
        PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
      4⤵
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2862.exe
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65069.exe
      4⤵
      PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24380.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
      4⤵
      PID:6640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3842.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        7⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3142.exe
        7⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        6⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        6⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65102.exe
        6⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 208
        7⤵
        Program crash
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        6⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        6⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
        5⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42646.exe
        6⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7450.exe
        6⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        5⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        5⤵
        
        PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36195.exe
        6⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45146.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10639.exe
        7⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3725.exe
        7⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        6⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        6⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
        6⤵
        
        PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32281.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        5⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
        5⤵
        
        PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        5⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46946.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        6⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        6⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        6⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38445.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        5⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        5⤵
        
        PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49495.exe
      4⤵
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
        5⤵
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7300.exe
        5⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
        5⤵
        
        PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
      4⤵
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
      4⤵
      PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
      4⤵
      PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
      4⤵
      PID:6796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14510.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26405.exe
        6⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        7⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        7⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        6⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        6⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
        6⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        5⤵
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        6⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        6⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        6⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        6⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
        5⤵
        
        PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        5⤵
        
        PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        5⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        5⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3725.exe
        5⤵
        
        PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
      4⤵
      PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10869.exe
      4⤵
      PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
      4⤵
      PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
      4⤵
      PID:6964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18486.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36195.exe
        5⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24854.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23563.exe
        6⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        6⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        5⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        5⤵
        
        PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
      4⤵
      PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
      4⤵
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
      4⤵
      PID:6124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9171.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65102.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 220
        5⤵
        Program crash
        
        PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
      4⤵
      PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
      4⤵
      PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
      4⤵
      PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
      4⤵
      PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3142.exe
      4⤵
      PID:6768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
    3⤵
    PID:1048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
    3⤵
    PID:3660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
    3⤵
    PID:4164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59477.exe
    3⤵
    PID:5068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63142.exe
    3⤵
    PID:5708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
    3⤵
    PID:6868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40236.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56850.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
        8⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        8⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        8⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        8⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3317.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        7⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5682.exe
        7⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        6⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        7⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55359.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe
        7⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21020.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13301.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        6⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        6⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        6⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
        6⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        6⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        6⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        5⤵
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
        5⤵
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29715.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        5⤵
        
        PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
        5⤵
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        6⤵
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45146.exe
        6⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        6⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        6⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26702.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        5⤵
        
        PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        5⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63708.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        6⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        5⤵
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5132.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
        5⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48693.exe
      4⤵
      PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        5⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58875.exe
        5⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        5⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        5⤵
        
        PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
      4⤵
      PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
      4⤵
      PID:6580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21857.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
        7⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
        7⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37180.exe
        7⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        7⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
        6⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        6⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4953.exe
        6⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
        5⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        6⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        6⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21922.exe
        5⤵
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        5⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        5⤵
        
        PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        5⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60606.exe
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59754.exe
        6⤵
        
        PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40258.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5132.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
        5⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        5⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        5⤵
        
        PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9771.exe
      4⤵
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42988.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
      4⤵
      PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
      4⤵
      PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
      4⤵
      PID:7088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28701.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        5⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        6⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        6⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        6⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
        5⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        5⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        5⤵
        
        PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
      4⤵
      PID:6260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        5⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22540.exe
        5⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
        5⤵
        
        PID:6812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
      4⤵
      PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
      4⤵
      PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
      4⤵
      PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
      4⤵
      PID:6988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42449.exe
    3⤵
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54379.exe
      4⤵
      PID:308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
      4⤵
      PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
      4⤵
      PID:6480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
    3⤵
    PID:968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
    3⤵
    PID:3364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe
    3⤵
    PID:4896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40908.exe
    3⤵
    PID:5728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47318.exe
    3⤵
    PID:6920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46093.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20235.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10639.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
        7⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        6⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        6⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36069.exe
        6⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
        6⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
        6⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        6⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe
        6⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        6⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        5⤵
        
        PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        5⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        5⤵
        
        PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe
        5⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33710.exe
        6⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
        6⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        5⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        5⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        5⤵
        
        PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
      4⤵
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        5⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        5⤵
        
        PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
      4⤵
      PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
      4⤵
      PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52206.exe
      4⤵
      PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48261.exe
      4⤵
      PID:6424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12652.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        6⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        6⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        6⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        5⤵
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
        5⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        5⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
        5⤵
        
        PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
      4⤵
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48702.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        5⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        5⤵
        
        PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
      4⤵
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
      4⤵
      PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
      4⤵
      PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
      4⤵
      PID:7120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
      4⤵
      PID:372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        5⤵
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45146.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        5⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        5⤵
        
        PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
      4⤵
      PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
      4⤵
      PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
      4⤵
      PID:6312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
    3⤵
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
      4⤵
      PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
      4⤵
      PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
      4⤵
      PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
      4⤵
      PID:6248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56300.exe
    3⤵
    PID:916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23593.exe
    3⤵
    PID:3816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24513.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
    3⤵
    PID:5216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42049.exe
    3⤵
    PID:7132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
      4⤵
      Executes dropped EXE
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        5⤵
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        6⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        6⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
        6⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
        5⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        5⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20207.exe
        5⤵
        
        PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
      4⤵
      PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        5⤵
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        5⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        5⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe
        5⤵
        
        PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59100.exe
      4⤵
      PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
      4⤵
      PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
      4⤵
      PID:6468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
      4⤵
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        5⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12857.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20932.exe
        5⤵
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        5⤵
        
        PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
      4⤵
      PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
      4⤵
      PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
      4⤵
      PID:6224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
    3⤵
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
      4⤵
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
      4⤵
      PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
      4⤵
      PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
      4⤵
      PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
      4⤵
      PID:6624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
    3⤵
    PID:1748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
    3⤵
    PID:3784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
    3⤵
    PID:4400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
    3⤵
    PID:5924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
    3⤵
    PID:6972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8542.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
      4⤵
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        5⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        5⤵
        
        PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
      4⤵
      PID:236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54589.exe
      4⤵
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
      4⤵
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
      4⤵
      PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
      4⤵
      PID:6416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
      4⤵
      PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
      4⤵
      PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
      4⤵
      PID:7156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
    3⤵
    PID:3628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57930.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
    3⤵
    PID:6076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
    3⤵
    PID:7012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26706.exe
    3⤵
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31847.exe
      4⤵
      PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59313.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61376.exe
      4⤵
      PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
      4⤵
      PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
      4⤵
      PID:7028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
    3⤵
    PID:1828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
    3⤵
    PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
    3⤵
    PID:5304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
    3⤵
    PID:5156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53072.exe
    3⤵
    PID:6956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49525.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49525.exe
  2⤵
  PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
    3⤵
    PID:2600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
    3⤵
    PID:3176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
    3⤵
    PID:4468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
    3⤵
    PID:5768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
    3⤵
    PID:7020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
  2⤵
  PID:4676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
  2⤵
  PID:5436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
  2⤵
  PID:6664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe

Filesize
468KB

MD5
066f2eea87016e75c8f2b8c59750e25a

SHA1
acc6871bd17fb914f111d209a2fbc6923d2d25e5

SHA256
fe74b10646cefc9966d4ebaed53f74dccc7fc6c2dc8e192ba8d552df7c94ac32

SHA512
f8872518a4dcad71eb8ccd39a1dba98e5a5ade9c978818637727d18ed85101f2dcb1e3a48b005d1d4e06b7801cfd93bd1410664e3cf05f3c8d19d967e9f1a92f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe

Filesize
468KB

MD5
9e0a64b4fca5741c8fede7687bdb4e12

SHA1
d9bced7657baf3e4b465a6545266898b91ff8fcd

SHA256
3713775dd03daa77fa6b86435a297be592d4926fef483c3d3bc0c34581cf145e

SHA512
e42d498f38f14904aeed28b1b4ad42e8a8bf0249703c397ade462f1de1542208f2cf1048559def97cced59cbd0de3b8442f426f1041e09861ad313d5d1105464

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe

Filesize
468KB

MD5
23f6db9e168c994c5d9f6d9ce7c1b0f6

SHA1
5a6d26d10aa8c065513dd92bc3d23945fe0c9939

SHA256
d7b7a3191ca40e953c9a07e3dc2719e9a201596fb5b053022a25978d00649b6f

SHA512
9c7fdcbad911529d93d7ba0e885f79450f46808990071328c29ff5781878b89172bad3bd216d1821b344b94af32fc19908b08a3024f97ea178e478a2aad49fb2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe

Filesize
468KB

MD5
b08ccd4ac5c3ecb24a436aacb8cb0000

SHA1
c4c84efd2d9519af3393b8dfacb8706542efb2b1

SHA256
daed1dde60b317a5ecf8500ad8ae4fa653e87b057934752a2ca5a515067d17a5

SHA512
508d45eee34d1807f56333e490129bbe03029bf0e627369d4fdb8a60ea55cccc6a42a182fd46494fb6201fd0bb3d0d07025294575a30cf770282671d1b894ad6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe

Filesize
468KB

MD5
32df2c82a69756fba32695fc67e6cf67

SHA1
70223b257b37af96f1b0bc12870a970dac53f40a

SHA256
885b8fbb08f6359c7586bca19572f4411649b5ad4f6e095e4ec9bf0fea0725db

SHA512
8793eedaa980bcb004b57e4e3351bb3356aa83ff2230183f4fac9dae959fc4d2df8fd1d1c96f88d394cd0a87c2d45c5ce7c28d1b82a53daa75bdb5f0d2253053

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe

Filesize
468KB

MD5
eec9f6bd303f557749e0dd1b2b4f3d73

SHA1
e41cf8555dcccb3be4d37d81304cb650a0e698cf

SHA256
83105d03508d953fa01310614b46ae827befbc89b8b973a445751907a99ad2d3

SHA512
01a755c9efb0da4ce4ad380560bc37988c84b574f1d6a12121b4e50ebe52edfec43bcad3dd1a0f891bd4c36190ee71c99c4c1afda97404f7019adab9005b5f93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe

Filesize
468KB

MD5
e112127a6a20c6dbb5a9fc6aaf1b60a9

SHA1
5448fa3ad3c97ca7a76bc87d94bbd20ecb2dd821

SHA256
7aade50af26a8ff82f9581dcfbfa1171a641da37347c245e865b214da64c6ba5

SHA512
1f17defc2a7bc1db12b5df00f990b18c21a4683d581cab0ef5715814a0f309b1751de275502ccdac772efdcc1fd4062aa57a8e6bd0c53157c00b7267631eee3f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe

Filesize
468KB

MD5
cb156516b6c472089580955dab5dcb09

SHA1
6eba83d855610e1fa8d3f42c98475a075f690daf

SHA256
0dc320884ba0e6a53a6896b5cfb6649b52362a6d8043748ba6eb155f3c8392c9

SHA512
dc3eab32c534f866beef393f40307f05b4a7877d7da803fdd1a1fedbd2aab55ee3399b4716bf5ff5c6ee612221019c24f1c1ea82598ea276ed754bb321c1c2f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3842.exe

Filesize
468KB

MD5
babde565b67d78f08201f37f765db8f1

SHA1
c1fc965ce6638996a43ff4576e1625eee3977b7e

SHA256
369c7cb61ede7b1f5d3bdbfab7c8cdb6a27daa802778eaf6242445f811edfc65

SHA512
0ceea9618ef723c3c5b912707fa4bf45827373831ef6534607a3002495931a643b24a64db4f94d358449f20f9a1900593a59de9fb85e5933e5bd633e108b88e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40236.exe

Filesize
468KB

MD5
4cf25d4beeb978b4de6b3917764418a7

SHA1
7536ffba42305b888b77003a6051c9537b78e02d

SHA256
036f5e45e1187ac5285c7dd35dfe24415694136e859f575b1d427330e625f6ca

SHA512
8ad9f5953c44bf5730c55e7a2af2b83904d523f897283652f1f5cacb7f4bd57bf5dee187397a24669a5b325507c9a8f0753a011ce19bf722a5b826f2842e69aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe

Filesize
468KB

MD5
92671ae140e5a8cccc6e33a66831b7ef

SHA1
c2a0a4685132701e20a4ac093d9d134a25f1391c

SHA256
ce472ad7701aa1d5e0b48de6454d0c4b5dee0d687f4be505ed5afbab39329edf

SHA512
aca090140e64c49ac94001c2950840afbb441615dfe72a069b7c2e7af4d5b4f75387548369c6352510268c357bea331e9b03be9738e8152eee95439b90ea32f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe

Filesize
468KB

MD5
cd2819e5344c8c6477c04158f8a93c14

SHA1
eae05c58991fe180cbb0236d179a5759a9a8964a

SHA256
4f9ec50cc1504367e5fdedadd46fc70ecfbe26d2958724bb4acc8e8eed1827bd

SHA512
7e5dfbf1334fcf991d036513a33ba630d59e903387797c111da6749899cbeb18f1645c2df37616c0945b790b535e69927247ca0ebbb8909cf5d95515a776bc58

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe

Filesize
468KB

MD5
2aaa730f89f0a3f789b97c26e5d540bf

SHA1
5cdd007789d8582b83fdc17f815f66ff1a123c83

SHA256
074dd9b7507729eb4e8ef8d8636ccc903a1723261850f70795aa81db0f4870b8

SHA512
066a813a6ebbf4a5564fed324aaf8099b878cac35ef6045680179b726bccd54b248fb627c36b2f7c295fbc10f916a3be615aa6caa3f9d373dd6619d8faca6b97

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53121.exe

Filesize
468KB

MD5
8cc4c965f2157d602138087260b0c97e

SHA1
6d72634f8e4602df2f2051212fa6dd979ce1674b

SHA256
af5252d6d13c1c8a7a112ae769cc693affa5f25754cbb90fe51c8dd4fd7dca13

SHA512
a19193daf93b49edeaf89d9818eff1a1eb63295139daab22f69159fe8007102951a828ad9bd7925a58d75f8710216589f5b3d64df2bb3c44b728518c11793496

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe

Filesize
468KB

MD5
13442dc19da365dfcca4d7008fa28614

SHA1
ac9bfa2c20cc977d442d2cc5ea3ada7ecae6f9ed

SHA256
9731e72115ca77184376499785ae6c04057adaa3de50ffcd6297f4e41b2b7279

SHA512
3f1e3b8e3cf4400b5c8551cc4dd7698a11e5dbd291d5288193a66b2eedc52af70316163155abe880b1f53537f09f491722765630ca33f0b5b9306232f7265cb2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56850.exe

Filesize
468KB

MD5
8f919c9f9b68a58f52b9408fc7807e96

SHA1
9f963e44a01a6d787f24ed92224d8a2e3af69f64

SHA256
3223d05c573d10508218d45225e40cc07cde6e8f598b657375d1752e9a41bc11

SHA512
815abedb084a7088f7fe9689fddc8d10e85fba418b941fe88242b57aa0926b4da65246737e505451b633068f43868bf38887dd4b0b71b80faed1d2786702306c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe

Filesize
468KB

MD5
8a6017bece413419771966fc70bc7186

SHA1
5d71f16f8af75565c1db2ac3ee7c29c96758da96

SHA256
9425251d0731c76f39a6d9f0834242667ea273f23761d295cb92a0c5cacec11c

SHA512
3fc1019a35a7aea9d25e3de7f83a6a248ebe6f7f6ad2c8f95c543665fe9025eb0cfad63fa96655e955790c1da92174580d861e179947a34c35b3ff44385e5a74

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe

Filesize
468KB

MD5
b92851b06b77f69df5c753e2e7de2651

SHA1
cb174b2e9ce18a92c01cbb093573f8f45c40782b

SHA256
957a6cfbd5a5d00b262fa26f948266ae86b5b4b06b0ccc1155919ecf3951d7a2

SHA512
8060803ceb95262e21d34ecfb460f0dd00686230f7e46f0b0d57001d7876662560b24c611600a2d3ee8d7e6c9acbbf2f9de2febc60c608dfff6f19c0480ad4ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-903.exe

Filesize
468KB

MD5
b69112fbb9b0c07e13d5dcd6882c1544

SHA1
07aa520fe1cd913a65f2b6d871c90ef8a1dbc8b6

SHA256
990e21e6e81c9d77dd315634888e2e7864c097c401e1ce060e93ad8874769a7f

SHA512
ee45df1684b92a7003690f7e7606f52f99969d41f73afa277e88fc639459cc8d815131a90bcb2b20b9949d696e307ea1ae5f2e57867b274f6c40736734cb6cd3

Download Submit