b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153

Analysis

max time kernel
116s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe
Size

468KB
MD5

1fc87ff273ea31a615454a79e41c5c10
SHA1

76c8399053ef49b808b6ebf37f5ae752370ae73f
SHA256

b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153
SHA512

da67bdf92fc4f24c5b98b063a5a71a871c6d6f12bdb658625bfaaa389c566837e8c316ebbf48f3f70d760f68875688d1f5a371b976fed089d952956be37baa66
SSDEEP

3072:6VgBogXdSS5BtgYtPzkjOf8/iCetZnpsnbHhYEhNclGMyXSCkhE5:6VSo9GBtTPgjOfJpalcl/wSCk

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1920	Unicorn-51207.exe
2304	Unicorn-29801.exe
2816	Unicorn-48830.exe
2288	Unicorn-56889.exe
2852	Unicorn-41944.exe
1204	Unicorn-11217.exe
2608	Unicorn-1003.exe
1712	Unicorn-35997.exe
2248	Unicorn-23745.exe
1952	Unicorn-56509.exe
2084	Unicorn-62639.exe
1892	Unicorn-61077.exe
1820	Unicorn-60812.exe
640	Unicorn-41211.exe
1268	Unicorn-45317.exe
1988	Unicorn-54061.exe
2588	Unicorn-38279.exe
2388	Unicorn-52015.exe
2200	Unicorn-17859.exe
1944	Unicorn-37725.exe
1996	Unicorn-36962.exe
1888	Unicorn-6998.exe
1496	Unicorn-34003.exe
2396	Unicorn-14974.exe
2280	Unicorn-22878.exe
1792	Unicorn-23143.exe
624	Unicorn-57953.exe
776	Unicorn-46256.exe
1292	Unicorn-6706.exe
2456	Unicorn-21436.exe
968	Unicorn-17906.exe
1284	Unicorn-7045.exe
1776	Unicorn-11876.exe
2332	Unicorn-31742.exe
1572	Unicorn-64506.exe
2956	Unicorn-5099.exe
1108	Unicorn-20978.exe
2984	Unicorn-19106.exe
2400	Unicorn-35634.exe
2972	Unicorn-40894.exe
2644	Unicorn-35634.exe
2788	Unicorn-51784.exe
2872	Unicorn-40848.exe
2676	Unicorn-3345.exe
2584	Unicorn-11513.exe
3040	Unicorn-57185.exe
2316	Unicorn-60806.exe
2072	Unicorn-44378.exe
2108	Unicorn-16344.exe
1964	Unicorn-22182.exe
1576	Unicorn-35918.exe
832	Unicorn-37964.exe
2908	Unicorn-27850.exe
988	Unicorn-27585.exe
1080	Unicorn-38056.exe
2384	Unicorn-52245.exe
2420	Unicorn-13905.exe
2208	Unicorn-11404.exe
2220	Unicorn-48253.exe
2992	Unicorn-54383.exe
1512	Unicorn-19935.exe
1684	Unicorn-60221.exe
1540	Unicorn-23364.exe
1908	Unicorn-41939.exe

Loads dropped DLL 64 IoCs

pid	Process
2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe
2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe
1920	Unicorn-51207.exe
1920	Unicorn-51207.exe
2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe
2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe
1920	Unicorn-51207.exe
1920	Unicorn-51207.exe
2304	Unicorn-29801.exe
2304	Unicorn-29801.exe
2816	Unicorn-48830.exe
2816	Unicorn-48830.exe
2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe
2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe
2288	Unicorn-56889.exe
1204	Unicorn-11217.exe
1204	Unicorn-11217.exe
2288	Unicorn-56889.exe
1920	Unicorn-51207.exe
1920	Unicorn-51207.exe
2852	Unicorn-41944.exe
2852	Unicorn-41944.exe
2608	Unicorn-1003.exe
2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe
2304	Unicorn-29801.exe
2608	Unicorn-1003.exe
2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe
2304	Unicorn-29801.exe
1712	Unicorn-35997.exe
1712	Unicorn-35997.exe
2248	Unicorn-23745.exe
2248	Unicorn-23745.exe
1204	Unicorn-11217.exe
2816	Unicorn-48830.exe
2816	Unicorn-48830.exe
1204	Unicorn-11217.exe
2288	Unicorn-56889.exe
2288	Unicorn-56889.exe
1820	Unicorn-60812.exe
1820	Unicorn-60812.exe
2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe
2084	Unicorn-62639.exe
2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe
2084	Unicorn-62639.exe
2852	Unicorn-41944.exe
2852	Unicorn-41944.exe
1952	Unicorn-56509.exe
1952	Unicorn-56509.exe
1920	Unicorn-51207.exe
1920	Unicorn-51207.exe
1892	Unicorn-61077.exe
1892	Unicorn-61077.exe
640	Unicorn-41211.exe
640	Unicorn-41211.exe
2608	Unicorn-1003.exe
2608	Unicorn-1003.exe
2304	Unicorn-29801.exe
2304	Unicorn-29801.exe
1268	Unicorn-45317.exe
1268	Unicorn-45317.exe
1712	Unicorn-35997.exe
1988	Unicorn-54061.exe
1712	Unicorn-35997.exe
1988	Unicorn-54061.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2312	2972	WerFault.exe	67
1240	4924	WerFault.exe	415

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28678.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe
1920	Unicorn-51207.exe
2304	Unicorn-29801.exe
2816	Unicorn-48830.exe
2288	Unicorn-56889.exe
1204	Unicorn-11217.exe
2608	Unicorn-1003.exe
2852	Unicorn-41944.exe
1712	Unicorn-35997.exe
2248	Unicorn-23745.exe
2084	Unicorn-62639.exe
1952	Unicorn-56509.exe
1820	Unicorn-60812.exe
1892	Unicorn-61077.exe
640	Unicorn-41211.exe
1268	Unicorn-45317.exe
1988	Unicorn-54061.exe
2588	Unicorn-38279.exe
2388	Unicorn-52015.exe
2200	Unicorn-17859.exe
1888	Unicorn-6998.exe
1996	Unicorn-36962.exe
1944	Unicorn-37725.exe
1496	Unicorn-34003.exe
2396	Unicorn-14974.exe
2280	Unicorn-22878.exe
1792	Unicorn-23143.exe
624	Unicorn-57953.exe
776	Unicorn-46256.exe
1292	Unicorn-6706.exe
2456	Unicorn-21436.exe
968	Unicorn-17906.exe
1284	Unicorn-7045.exe
1776	Unicorn-11876.exe
2956	Unicorn-5099.exe
1572	Unicorn-64506.exe
1108	Unicorn-20978.exe
2984	Unicorn-19106.exe
2644	Unicorn-35634.exe
2972	Unicorn-40894.exe
2400	Unicorn-35634.exe
2788	Unicorn-51784.exe
2872	Unicorn-40848.exe
2676	Unicorn-3345.exe
3040	Unicorn-57185.exe
2584	Unicorn-11513.exe
2072	Unicorn-44378.exe
2316	Unicorn-60806.exe
2108	Unicorn-16344.exe
1576	Unicorn-35918.exe
1964	Unicorn-22182.exe
832	Unicorn-37964.exe
2908	Unicorn-27850.exe
988	Unicorn-27585.exe
1080	Unicorn-38056.exe
2384	Unicorn-52245.exe
2420	Unicorn-13905.exe
2208	Unicorn-11404.exe
2220	Unicorn-48253.exe
2992	Unicorn-54383.exe
1512	Unicorn-19935.exe
1684	Unicorn-60221.exe
1540	Unicorn-23364.exe
1908	Unicorn-41939.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 1920	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	29
PID 2528 wrote to memory of 1920	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	29
PID 2528 wrote to memory of 1920	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	29
PID 2528 wrote to memory of 1920	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	29
PID 1920 wrote to memory of 2304	1920	Unicorn-51207.exe	30
PID 1920 wrote to memory of 2304	1920	Unicorn-51207.exe	30
PID 1920 wrote to memory of 2304	1920	Unicorn-51207.exe	30
PID 1920 wrote to memory of 2304	1920	Unicorn-51207.exe	30
PID 2528 wrote to memory of 2816	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	31
PID 2528 wrote to memory of 2816	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	31
PID 2528 wrote to memory of 2816	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	31
PID 2528 wrote to memory of 2816	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	31
PID 1920 wrote to memory of 2288	1920	Unicorn-51207.exe	32
PID 1920 wrote to memory of 2288	1920	Unicorn-51207.exe	32
PID 1920 wrote to memory of 2288	1920	Unicorn-51207.exe	32
PID 1920 wrote to memory of 2288	1920	Unicorn-51207.exe	32
PID 2304 wrote to memory of 2852	2304	Unicorn-29801.exe	33
PID 2304 wrote to memory of 2852	2304	Unicorn-29801.exe	33
PID 2304 wrote to memory of 2852	2304	Unicorn-29801.exe	33
PID 2304 wrote to memory of 2852	2304	Unicorn-29801.exe	33
PID 2816 wrote to memory of 1204	2816	Unicorn-48830.exe	34
PID 2816 wrote to memory of 1204	2816	Unicorn-48830.exe	34
PID 2816 wrote to memory of 1204	2816	Unicorn-48830.exe	34
PID 2816 wrote to memory of 1204	2816	Unicorn-48830.exe	34
PID 2528 wrote to memory of 2608	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	35
PID 2528 wrote to memory of 2608	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	35
PID 2528 wrote to memory of 2608	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	35
PID 2528 wrote to memory of 2608	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	35
PID 1204 wrote to memory of 1712	1204	Unicorn-11217.exe	37
PID 1204 wrote to memory of 1712	1204	Unicorn-11217.exe	37
PID 1204 wrote to memory of 1712	1204	Unicorn-11217.exe	37
PID 1204 wrote to memory of 1712	1204	Unicorn-11217.exe	37
PID 2288 wrote to memory of 2248	2288	Unicorn-56889.exe	36
PID 2288 wrote to memory of 2248	2288	Unicorn-56889.exe	36
PID 2288 wrote to memory of 2248	2288	Unicorn-56889.exe	36
PID 2288 wrote to memory of 2248	2288	Unicorn-56889.exe	36
PID 1920 wrote to memory of 1952	1920	Unicorn-51207.exe	38
PID 1920 wrote to memory of 1952	1920	Unicorn-51207.exe	38
PID 1920 wrote to memory of 1952	1920	Unicorn-51207.exe	38
PID 1920 wrote to memory of 1952	1920	Unicorn-51207.exe	38
PID 2852 wrote to memory of 2084	2852	Unicorn-41944.exe	39
PID 2852 wrote to memory of 2084	2852	Unicorn-41944.exe	39
PID 2852 wrote to memory of 2084	2852	Unicorn-41944.exe	39
PID 2852 wrote to memory of 2084	2852	Unicorn-41944.exe	39
PID 2608 wrote to memory of 1892	2608	Unicorn-1003.exe	40
PID 2608 wrote to memory of 1892	2608	Unicorn-1003.exe	40
PID 2608 wrote to memory of 1892	2608	Unicorn-1003.exe	40
PID 2608 wrote to memory of 1892	2608	Unicorn-1003.exe	40
PID 2528 wrote to memory of 1820	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	41
PID 2528 wrote to memory of 1820	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	41
PID 2528 wrote to memory of 1820	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	41
PID 2528 wrote to memory of 1820	2528	b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe	41
PID 2304 wrote to memory of 640	2304	Unicorn-29801.exe	42
PID 2304 wrote to memory of 640	2304	Unicorn-29801.exe	42
PID 2304 wrote to memory of 640	2304	Unicorn-29801.exe	42
PID 2304 wrote to memory of 640	2304	Unicorn-29801.exe	42
PID 1712 wrote to memory of 1268	1712	Unicorn-35997.exe	43
PID 1712 wrote to memory of 1268	1712	Unicorn-35997.exe	43
PID 1712 wrote to memory of 1268	1712	Unicorn-35997.exe	43
PID 1712 wrote to memory of 1268	1712	Unicorn-35997.exe	43
PID 2248 wrote to memory of 1988	2248	Unicorn-23745.exe	44
PID 2248 wrote to memory of 1988	2248	Unicorn-23745.exe	44
PID 2248 wrote to memory of 1988	2248	Unicorn-23745.exe	44
PID 2248 wrote to memory of 1988	2248	Unicorn-23745.exe	44

C:\Users\Admin\AppData\Local\Temp\b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe
"C:\Users\Admin\AppData\Local\Temp\b00004d3126258378f321f39cfbbec58cf3c6ad14e7a9342b986b706a8ba6153N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23979.exe
        9⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        9⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48003.exe
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        8⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
        7⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
        8⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
        8⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        8⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
        7⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
        7⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64601.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46905.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
        7⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
        7⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38435.exe
        6⤵
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39868.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 188
        7⤵
        Program crash
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        7⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48213.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        8⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
        8⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
        7⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        7⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        7⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19717.exe
        6⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63750.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        6⤵
        
        PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34539.exe
        6⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        7⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        7⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        6⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
        6⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        5⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
        6⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        6⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
        5⤵
        
        PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16437.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        5⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        5⤵
        
        PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2260.exe
        6⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        7⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
        6⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        6⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50391.exe
        5⤵
        
        PID:456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
        6⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
        6⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25878.exe
        5⤵
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        5⤵
        
        PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37964.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        6⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        7⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        7⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        6⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
        6⤵
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        5⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        6⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        6⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe
        6⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        6⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        5⤵
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52203.exe
        5⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        5⤵
        
        PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27585.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        5⤵
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe
        6⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
        6⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        5⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28346.exe
        5⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12446.exe
        5⤵
        
        PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
      4⤵
      PID:504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        5⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19579.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        5⤵
        
        PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
      4⤵
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        5⤵
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        5⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
        5⤵
        
        PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
      4⤵
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
      4⤵
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
      4⤵
      PID:7048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54061.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54383.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        8⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        8⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        7⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        7⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        7⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        7⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50306.exe
        8⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
        8⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        7⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48003.exe
        7⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        7⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        6⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27114.exe
        7⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        6⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe
        6⤵
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55571.exe
        6⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11876.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60221.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        7⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        7⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        6⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        6⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        6⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23364.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        6⤵
        
        PID:716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        6⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        6⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        5⤵
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
        5⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        5⤵
        
        PID:7036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        5⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        6⤵
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        6⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        6⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        6⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        5⤵
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
        5⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29245.exe
        5⤵
        
        PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        5⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        5⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        5⤵
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
      4⤵
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        5⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        5⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        5⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        5⤵
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32498.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
      4⤵
      PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28643.exe
      4⤵
      PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28705.exe
      4⤵
      PID:6476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
        5⤵
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        6⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        6⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        6⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        5⤵
        
        PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41328.exe
        5⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        5⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        5⤵
        
        PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        5⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
        6⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39137.exe
        7⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
        7⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        6⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
        5⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
        6⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
        6⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        6⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        5⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55571.exe
        5⤵
        
        PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        5⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        5⤵
        
        PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
      4⤵
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
      4⤵
      PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
      4⤵
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
      4⤵
      PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
      4⤵
      PID:6992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        5⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45224.exe
        6⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3044.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
        6⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        5⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
        5⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        5⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        5⤵
        
        PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
      4⤵
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
        5⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        5⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50306.exe
        5⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51454.exe
        5⤵
        
        PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
      4⤵
      PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe
      4⤵
      PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16676.exe
      4⤵
      PID:6452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
      4⤵
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        5⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
      4⤵
      PID:236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
      4⤵
      PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31695.exe
      4⤵
      PID:5748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19763.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19763.exe
    3⤵
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
      4⤵
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
      4⤵
      PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
      4⤵
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
      4⤵
      PID:5828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
    3⤵
    PID:3088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
    3⤵
    PID:3196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43728.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59548.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11217.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45317.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52245.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        8⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        8⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55668.exe
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40021.exe
        8⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        7⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48003.exe
        7⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        7⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
        6⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        7⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        7⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26886.exe
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
        6⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17906.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11404.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        7⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        7⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
        6⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        6⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
        6⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48253.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        6⤵
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32759.exe
        6⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        5⤵
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
        5⤵
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        5⤵
        
        PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
        5⤵
        Executes dropped EXE
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        6⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        7⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        7⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        6⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        6⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        6⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        5⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        6⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
        6⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        5⤵
        
        PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43319.exe
        5⤵
        
        PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        6⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        6⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61708.exe
        6⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        5⤵
        
        PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51487.exe
        5⤵
        
        PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
      4⤵
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        5⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        5⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        5⤵
        
        PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
      4⤵
      PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16437.exe
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
      4⤵
      PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
      4⤵
      PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
      4⤵
      PID:6752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52015.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5099.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        5⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        6⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        6⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        5⤵
        
        PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34421.exe
        5⤵
        
        PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
      4⤵
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        5⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        5⤵
        
        PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
      4⤵
      PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
      4⤵
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
      4⤵
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
      4⤵
      PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
      4⤵
      PID:5876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56521.exe
      4⤵
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38919.exe
        5⤵
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        5⤵
        
        PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
      4⤵
      PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
      4⤵
      PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
      4⤵
      PID:6368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
    3⤵
    PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
      4⤵
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19488.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        5⤵
        
        PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
      4⤵
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24674.exe
      4⤵
      PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
    3⤵
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
      4⤵
      PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
      4⤵
      PID:5508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
    3⤵
    PID:3328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
    3⤵
    PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
    3⤵
    PID:5632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
        6⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8841.exe
        7⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11874.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        7⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24674.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        6⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61064.exe
        6⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        5⤵
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        5⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
        5⤵
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29245.exe
        5⤵
        
        PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        5⤵
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        6⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37418.exe
        5⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        5⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
      4⤵
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        5⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        5⤵
        
        PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
      4⤵
      PID:648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
      4⤵
      PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
      4⤵
      PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53573.exe
      4⤵
      PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34040.exe
      4⤵
      PID:6572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
        6⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
        5⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        5⤵
        
        PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48003.exe
        5⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        5⤵
        
        PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
      4⤵
      PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
      4⤵
      PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
      4⤵
      PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
      4⤵
      PID:6780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51200.exe
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
      4⤵
      PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
      4⤵
      PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3078.exe
      4⤵
      PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
      4⤵
      PID:5672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2883.exe
    3⤵
    PID:320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
    3⤵
    PID:3216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
    3⤵
    PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
    3⤵
    PID:5284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
    3⤵
    PID:360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
        5⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        6⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14862.exe
        6⤵
        
        PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        5⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
        5⤵
        
        PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
      4⤵
      PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
        5⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        5⤵
        
        PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
      4⤵
      PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
      4⤵
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
      4⤵
      PID:6532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
      4⤵
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        5⤵
        
        PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
      4⤵
      PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54632.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
      4⤵
      PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
      4⤵
      PID:6888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
      4⤵
      PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
      4⤵
      PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
      4⤵
      PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
      4⤵
      PID:5800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
    3⤵
    PID:1604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
    3⤵
    PID:3224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
    3⤵
    PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
    3⤵
    PID:6128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
    3⤵
    PID:7008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36962.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36962.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
      4⤵
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        5⤵
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        5⤵
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
        5⤵
        
        PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
      4⤵
      PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
      4⤵
      PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
      4⤵
      PID:7060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
    3⤵
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
      4⤵
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
      4⤵
      PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
      4⤵
      PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
      4⤵
      PID:5752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
    3⤵
    PID:3480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41328.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
    3⤵
    PID:5924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
    3⤵
    PID:6952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2972
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
    3⤵
    - Program crash
    PID:2312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
  2⤵
  PID:2476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
    3⤵
    PID:3608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
    3⤵
    PID:4192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
    3⤵
    PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
    3⤵
    PID:6264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe
  2⤵
  PID:3364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
  2⤵
  PID:4144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23644.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23644.exe
  2⤵
  PID:5656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe

Filesize
468KB

MD5
3e703d8698e2f9830279f4fbbcfa5516

SHA1
abe494fce0e09e41ccc63c86080ef4cee7885869

SHA256
34f9b559de43b67ce3fa93e3f5226aeb5b519a3dcc5f0102b1c819d58a8c713a

SHA512
96430699d2e1a2e4632eb9d5920afd547a67e0f14e062149e038715df78ae0586ee45b9c67661d64657e619f4cb3be153a2b4d1cd959b0c418f8e187b3cd8c97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe

Filesize
468KB

MD5
fde89a413e8286d654fefa85dae3af2d

SHA1
b3e57d5f1072940687761ce80cb634a8b64ea333

SHA256
0185349a2442e7b66f712ca07a38e45f0acf1cfc5247a4622320ed272753d191

SHA512
58fc343f06a7cd9ac8b16de592a1842a53e810f75076d9e1a51517249152badda6aa7ebc914f1dc2cc9e5556a7ac165f178466997b06a0cf99f44c9c0474c501

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe

Filesize
468KB

MD5
7b4e800b745b44aa59e5f157cc145e72

SHA1
a2594cd44e646a3fbd1c9c005bd3dd0741bfcf20

SHA256
59863757bff5a81415a08d50121c2ec96603c52dc28fe53db9e327afea706db0

SHA512
86886b62a4672018361004ccdc77b9ebe13ac03dbde43adeabef18974e87903412940d7fe5df125ecbdb942772f2ae9f630bd994e12385a4aaf375be7931626f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe

Filesize
468KB

MD5
ab8869e8c7a9924419896347c4eb00f1

SHA1
12a773b2f5455d3e0e6d2db57e516ec96933d485

SHA256
4d1a2bf0e0cda57966b9b57a85c025c02dbe099d34b0971ae3c43e443b23d4e5

SHA512
4fdf7c73d780a70277e2423e55e8bbdb5c71308a46d65499dce9dbf5fbb3de0cd4823da594bf4e776f8d2061ae42c707db5eb7790e2af51d324461b61557470e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe

Filesize
468KB

MD5
cd5335401f015c28c9ac7f823ab447c3

SHA1
2b070eb46833cf03bb90e659ed427441f763754a

SHA256
dee2b2b19a2398fa91a09d3c569454807fc0b3e0a8dabdbf97cac772514f37f4

SHA512
07095dc270724d7405ee24bbce534ea36924d65c6cde78dbdc306f3ac32210dfc8d9a8867aa43b53d6340d881e3f2dfbfcc55a35ea30dc3470112ee4d9dd67d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11217.exe

Filesize
468KB

MD5
3b25d6e43bdec6194cba92542ad46da1

SHA1
c32b216801a810cd779c3364551b1a906533faa7

SHA256
be0fc6bc643b61cc4d9ebe044bce2b196cb401d63dae059e1f9259d96d86f6e8

SHA512
d223e643fb7b77630c1cecb26d677c22f28dd15daabbafba5c5d080c44267ab887822ca3db041660790e42d37d661c43b18013c222e866dff389294d4a2f27a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe

Filesize
468KB

MD5
02cf630c6a6f844421589af0ac96a37b

SHA1
e2011cc87bf95b824364e41e84418ce2093da982

SHA256
87b1e50fb632784257e99eaa89d43cb2a0d635f1cdacf4ccfa578cd0e2511989

SHA512
9543e25083749e7a9b064176ca5e4b46a292ea4aa8ba7097b1c2a1325e0d8c2ef3a621df9ce7cd7b084ede89037c29c049702ed03b7aca82ea502d413a8d8db4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe

Filesize
468KB

MD5
acd69b9bff5f9741f70070afade26db4

SHA1
c36d032efd03a4e459f363cb1e0474f71b53acba

SHA256
706e12a79056fdb5470814a0b440e60c81f2de964000184201cce8a7974b667b

SHA512
ea6eff219912df6d3585e1c3772ffef4f69b0778db11188084a0808541fe619aa6487850a9567ebff8b9aa5a727efbb6946d6a067adf7b755424f233fa120094

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe

Filesize
468KB

MD5
635377e73f4c4dc78df36390fc613ebc

SHA1
32e88727bb7b6915810cd4fac74f2a65dba53ac8

SHA256
602d25af87668a27e7710dfb48fbc36f67406b876a289aa94ddddf33b7579ea2

SHA512
27dd2aaf654234cc59f331eb033c41eea96ca46d6b3deed07746c4156ca4ba331747af69fb33716b645a430fb63b9e7565480499a16b37920f9b91eddf206066

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe

Filesize
468KB

MD5
aa7658045f28feabf54cef3e5c745971

SHA1
2fcd83fbd60616d568177473045f6a5956b4fed8

SHA256
971b67ab393ff0bfc89aacd24ba50b71b38d105e2f124e96401da3d14798e661

SHA512
528ca2e0d5f060f3edc6f7602113ebe075dc30469617342181c68e8fd752e2fe524342c335d4780153af9e92d783688bd4eeb3d6b36cab9e735415ee017cbd3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe

Filesize
468KB

MD5
7487fbea24fd2e43a7adfb33b13d3aea

SHA1
edb4b5e0be29f8205e026da8d23dec6a78d6a708

SHA256
8d5f2d80dafaeba1a1e3287d0bff0149a28bc8ee273948d50b300ea10dc25551

SHA512
5204b190cfe7d20a56b1aa9974641da713e7a23a0e6a3fdd722aa1f2e7d2a995d1f081020f4222b7b0c8a57f8e1ec8086d306f64c26fccac03b2a76b5781d5e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45317.exe

Filesize
468KB

MD5
bcf4375058c36fd63726555086b5f3c1

SHA1
e98dfbf353b141bf52291762989246d610bd4a88

SHA256
65d13a1dd0a789a3ec7956e577c106b0e60784b7ce249a425558599959603090

SHA512
9dbd8d5f162d3e48c40addcd2326302da9a073815a93f809cf7005a5ebad2759fc34dd1f37e2aaf6392d6d22209099ad506d861597d50ab8b24dc3c24c4351d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe

Filesize
468KB

MD5
957e40cff0de69a67ac91c3ea70e1fd1

SHA1
ea5ff949e290f1d298964947bcac99e2030c7907

SHA256
faf5bc1b4c0279ff0b41724f63aad13da2dfc16063aeb4b53f4312b448e633db

SHA512
8769d3db4675d41333278744fd9bb56ddf5e60774e8a7339d292c486fe3ccf555f542e70298a86bdc645a8fad2c41785ac7f70c981c5fccab875774a0a3ec1fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe

Filesize
468KB

MD5
d4ace35864c46d44fdad4b2f36992330

SHA1
f2ee178346156af17f02f841b82258b4903e4399

SHA256
75929474265e8b5f7b19b83656d503716b21cc74898585579088211f708b3a6f

SHA512
13d78d09613aa5ae2249f284a2ecd98743eff10ded159bdaa2ce562e0f55fe5be38da720f3de6974b740dcfd9fb086536703b9ba02b75f999518dfaafa23f7d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52015.exe

Filesize
468KB

MD5
1edf987b04b36925c8d8b74c2f6ff36e

SHA1
c17d598dc3f18209cede5afaedf7c4669574071a

SHA256
7039423f11efaf5cccc286db35c5e13732866211cedaf384dc52282d691fc38a

SHA512
ef7fd1204f62ef5f2f510bf7f13a1517a53a6ed45c5ca0be16bfec08db505eecb0212face6fec7fb299fd158e5535ede50fd5e5fd26c828f294567d9e438e21c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54061.exe

Filesize
468KB

MD5
91eb5973e980eb61550530d64c1ec723

SHA1
33e470b6c227f81873de84ebf5558feffec4c8bb

SHA256
3f2c98248e8b9e26ac5019faff9a72130976b5ff7ddb58b9a7e46520729eeaaf

SHA512
5e4b5f2b039ca1d281f2b5e955432b45561e5b596cd5d8678117a4007c2fc52802086d4a41f12902ae7d99dcbeec7e9694f8b444a4f14e9479ba85ddc71a0098

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe

Filesize
468KB

MD5
b0574ad5e41d3055e8791b4024c0190a

SHA1
c104ad16cc0a918c8da6f731258bbb643e28048d

SHA256
43d508a1afde37e4f82721d48321c5acaa8a67735b8f525719c3687f225cc666

SHA512
8c0b6f21f2e47549555d32b29f018ac25f1ea1e8cff7ddb5f866ed0cd4469aac28b7a289de5819d15bd43bd6a623b9efcc4832446968bdff97a8db4786e52671

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe

Filesize
468KB

MD5
64b362d5f20d6b0127880069c5a87590

SHA1
623fa95a48cf508294f93b473b7475688dc961e1

SHA256
8af6748b8d009a54396dab854efbca0badb728f9b03b01cc2258067a44dffb9d

SHA512
204f5363ea87b5a8a9fdbc6a5180da48ae24849522d46d313dae20ef20e89fc210e9fd2ab0cbe47b0b59d96c4cd1f81746f9cd4be764ba4c566c4d113000bf8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe

Filesize
468KB

MD5
fbcb5c6d702d6cee1b353f16e63812f2

SHA1
45a96fde20eef9bb60a20f6b28cfb23352c932b7

SHA256
9181207b682dd49cb9b6620f287e4dc96038071d530182d8fa6021ff316ae137

SHA512
dbb6472c3ec90b1ec44b93d418ca652e10942088befcb615da848109f666cf277feb4e67045403c1d65cc0ea91585fd2541dba26a70f0f67fa356200d4bf548a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe

Filesize
468KB

MD5
45d1653d923662ee4a52534b87403aa8

SHA1
9bb4e9dac1d74475fc609b4ddd88802946246c9d

SHA256
822391e884391c26a2d46673c8ea18692307b19f03af1f612287e9add4f7f650

SHA512
d5a4eacc16259beddd02fae8d46a64b4fb2c21c97813e700b50c72604f452581943a91b19a6eb4d33cb463684287c6f4801307a360b50843bb7496920f64a911

Download Submit