9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3

Analysis

max time kernel
114s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe
Size

468KB
MD5

07f44315718bbb36d3eedb47ceb9e6c0
SHA1

15c705a2e3c5f01727f607d38e54d62c3ac90ebd
SHA256

9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3
SHA512

bd199737eab41b4ef34c65b0ab067bf77ddf16745c3ba2cb2f574bd0ecb2fd3b775f0e2165a703e18db8d753e42b8240b2978d6fbcfb807e39313ebf53187129
SSDEEP

3072:1GcHo5IKq05UDbY9H5cOcf8/LChzP0p1nLHewVPPMPP+VNmsvRlU:1GIoe8UDCHSOcfDYIsMPmLmsv

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1716	Unicorn-33147.exe
2836	Unicorn-34360.exe
2816	Unicorn-41974.exe
1164	Unicorn-51377.exe
2560	Unicorn-61775.exe
2664	Unicorn-14620.exe
2148	Unicorn-56208.exe
3064	Unicorn-48684.exe
2176	Unicorn-24926.exe
708	Unicorn-4719.exe
2776	Unicorn-8803.exe
2532	Unicorn-8538.exe
1096	Unicorn-22216.exe
2616	Unicorn-8481.exe
768	Unicorn-28347.exe
2904	Unicorn-910.exe
2216	Unicorn-1657.exe
3020	Unicorn-41834.exe
2076	Unicorn-44064.exe
696	Unicorn-24849.exe
840	Unicorn-25114.exe
904	Unicorn-31427.exe
860	Unicorn-37558.exe
1492	Unicorn-49810.exe
1404	Unicorn-39.exe
992	Unicorn-50557.exe
2044	Unicorn-4885.exe
1664	Unicorn-17138.exe
2460	Unicorn-22736.exe
288	Unicorn-30904.exe
2452	Unicorn-47309.exe
1592	Unicorn-31527.exe
2108	Unicorn-2192.exe
2640	Unicorn-22805.exe
2020	Unicorn-64392.exe
2256	Unicorn-57707.exe
2120	Unicorn-63837.exe
2912	Unicorn-21963.exe
2624	Unicorn-30589.exe
2084	Unicorn-47672.exe
2596	Unicorn-17844.exe
1268	Unicorn-63267.exe
1876	Unicorn-50708.exe
2124	Unicorn-2254.exe
1684	Unicorn-22120.exe
1608	Unicorn-42732.exe
2796	Unicorn-42732.exe
996	Unicorn-36602.exe
664	Unicorn-50900.exe
916	Unicorn-33477.exe
2092	Unicorn-39343.exe
1832	Unicorn-23826.exe
1764	Unicorn-51860.exe
2404	Unicorn-30670.exe
2384	Unicorn-45922.exe
2200	Unicorn-52052.exe
1868	Unicorn-64283.exe
2060	Unicorn-18612.exe
2488	Unicorn-23442.exe
2376	Unicorn-61543.exe
2948	Unicorn-3619.exe
2332	Unicorn-32400.exe
812	Unicorn-32954.exe
1316	Unicorn-7127.exe

Loads dropped DLL 64 IoCs

pid	Process
1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe
1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe
1716	Unicorn-33147.exe
1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe
1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe
1716	Unicorn-33147.exe
2836	Unicorn-34360.exe
2836	Unicorn-34360.exe
2816	Unicorn-41974.exe
2816	Unicorn-41974.exe
1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe
1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe
1716	Unicorn-33147.exe
1716	Unicorn-33147.exe
1164	Unicorn-51377.exe
1164	Unicorn-51377.exe
2836	Unicorn-34360.exe
2836	Unicorn-34360.exe
2560	Unicorn-61775.exe
2560	Unicorn-61775.exe
1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe
2664	Unicorn-14620.exe
1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe
2664	Unicorn-14620.exe
2816	Unicorn-41974.exe
1716	Unicorn-33147.exe
2816	Unicorn-41974.exe
1716	Unicorn-33147.exe
2148	Unicorn-56208.exe
2148	Unicorn-56208.exe
3064	Unicorn-48684.exe
3064	Unicorn-48684.exe
1164	Unicorn-51377.exe
1164	Unicorn-51377.exe
2176	Unicorn-24926.exe
2176	Unicorn-24926.exe
2836	Unicorn-34360.exe
2836	Unicorn-34360.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
1716	Unicorn-33147.exe
2616	Unicorn-8481.exe
1716	Unicorn-33147.exe
2616	Unicorn-8481.exe
2472	WerFault.exe
768	Unicorn-28347.exe
2816	Unicorn-41974.exe
768	Unicorn-28347.exe
2816	Unicorn-41974.exe
2532	Unicorn-8538.exe
2532	Unicorn-8538.exe
1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe
1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe
2148	Unicorn-56208.exe
2776	Unicorn-8803.exe
708	Unicorn-4719.exe
2148	Unicorn-56208.exe
2776	Unicorn-8803.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2472	1096	WerFault.exe	44

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62819.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe
1716	Unicorn-33147.exe
2836	Unicorn-34360.exe
2816	Unicorn-41974.exe
1164	Unicorn-51377.exe
2560	Unicorn-61775.exe
2148	Unicorn-56208.exe
2664	Unicorn-14620.exe
3064	Unicorn-48684.exe
2176	Unicorn-24926.exe
1096	Unicorn-22216.exe
708	Unicorn-4719.exe
2532	Unicorn-8538.exe
768	Unicorn-28347.exe
2776	Unicorn-8803.exe
2616	Unicorn-8481.exe
2904	Unicorn-910.exe
2216	Unicorn-1657.exe
3020	Unicorn-41834.exe
2076	Unicorn-44064.exe
696	Unicorn-24849.exe
840	Unicorn-25114.exe
1492	Unicorn-49810.exe
860	Unicorn-37558.exe
904	Unicorn-31427.exe
1404	Unicorn-39.exe
2044	Unicorn-4885.exe
992	Unicorn-50557.exe
1664	Unicorn-17138.exe
2460	Unicorn-22736.exe
288	Unicorn-30904.exe
2452	Unicorn-47309.exe
2108	Unicorn-2192.exe
1592	Unicorn-31527.exe
2640	Unicorn-22805.exe
2020	Unicorn-64392.exe
2120	Unicorn-63837.exe
2256	Unicorn-57707.exe
2912	Unicorn-21963.exe
2624	Unicorn-30589.exe
2084	Unicorn-47672.exe
2596	Unicorn-17844.exe
1268	Unicorn-63267.exe
1876	Unicorn-50708.exe
2124	Unicorn-2254.exe
1684	Unicorn-22120.exe
1608	Unicorn-42732.exe
2796	Unicorn-42732.exe
996	Unicorn-36602.exe
664	Unicorn-50900.exe
2092	Unicorn-39343.exe
1832	Unicorn-23826.exe
916	Unicorn-33477.exe
1764	Unicorn-51860.exe
2384	Unicorn-45922.exe
2200	Unicorn-52052.exe
2404	Unicorn-30670.exe
2060	Unicorn-18612.exe
1868	Unicorn-64283.exe
2488	Unicorn-23442.exe
2948	Unicorn-3619.exe
2376	Unicorn-61543.exe
2332	Unicorn-32400.exe
812	Unicorn-32954.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 1716	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	31
PID 1508 wrote to memory of 1716	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	31
PID 1508 wrote to memory of 1716	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	31
PID 1508 wrote to memory of 1716	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	31
PID 1508 wrote to memory of 2836	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	33
PID 1508 wrote to memory of 2836	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	33
PID 1508 wrote to memory of 2836	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	33
PID 1508 wrote to memory of 2836	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	33
PID 1716 wrote to memory of 2816	1716	Unicorn-33147.exe	32
PID 1716 wrote to memory of 2816	1716	Unicorn-33147.exe	32
PID 1716 wrote to memory of 2816	1716	Unicorn-33147.exe	32
PID 1716 wrote to memory of 2816	1716	Unicorn-33147.exe	32
PID 2836 wrote to memory of 1164	2836	Unicorn-34360.exe	34
PID 2836 wrote to memory of 1164	2836	Unicorn-34360.exe	34
PID 2836 wrote to memory of 1164	2836	Unicorn-34360.exe	34
PID 2836 wrote to memory of 1164	2836	Unicorn-34360.exe	34
PID 2816 wrote to memory of 2664	2816	Unicorn-41974.exe	35
PID 2816 wrote to memory of 2664	2816	Unicorn-41974.exe	35
PID 2816 wrote to memory of 2664	2816	Unicorn-41974.exe	35
PID 2816 wrote to memory of 2664	2816	Unicorn-41974.exe	35
PID 1508 wrote to memory of 2560	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	36
PID 1508 wrote to memory of 2560	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	36
PID 1508 wrote to memory of 2560	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	36
PID 1508 wrote to memory of 2560	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	36
PID 1716 wrote to memory of 2148	1716	Unicorn-33147.exe	37
PID 1716 wrote to memory of 2148	1716	Unicorn-33147.exe	37
PID 1716 wrote to memory of 2148	1716	Unicorn-33147.exe	37
PID 1716 wrote to memory of 2148	1716	Unicorn-33147.exe	37
PID 1164 wrote to memory of 3064	1164	Unicorn-51377.exe	38
PID 1164 wrote to memory of 3064	1164	Unicorn-51377.exe	38
PID 1164 wrote to memory of 3064	1164	Unicorn-51377.exe	38
PID 1164 wrote to memory of 3064	1164	Unicorn-51377.exe	38
PID 2836 wrote to memory of 2176	2836	Unicorn-34360.exe	39
PID 2836 wrote to memory of 2176	2836	Unicorn-34360.exe	39
PID 2836 wrote to memory of 2176	2836	Unicorn-34360.exe	39
PID 2836 wrote to memory of 2176	2836	Unicorn-34360.exe	39
PID 2560 wrote to memory of 708	2560	Unicorn-61775.exe	40
PID 2560 wrote to memory of 708	2560	Unicorn-61775.exe	40
PID 2560 wrote to memory of 708	2560	Unicorn-61775.exe	40
PID 2560 wrote to memory of 708	2560	Unicorn-61775.exe	40
PID 1508 wrote to memory of 2532	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	41
PID 1508 wrote to memory of 2532	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	41
PID 1508 wrote to memory of 2532	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	41
PID 1508 wrote to memory of 2532	1508	9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe	41
PID 2664 wrote to memory of 2776	2664	Unicorn-14620.exe	42
PID 2664 wrote to memory of 2776	2664	Unicorn-14620.exe	42
PID 2664 wrote to memory of 2776	2664	Unicorn-14620.exe	42
PID 2664 wrote to memory of 2776	2664	Unicorn-14620.exe	42
PID 2816 wrote to memory of 2616	2816	Unicorn-41974.exe	43
PID 2816 wrote to memory of 2616	2816	Unicorn-41974.exe	43
PID 2816 wrote to memory of 2616	2816	Unicorn-41974.exe	43
PID 2816 wrote to memory of 2616	2816	Unicorn-41974.exe	43
PID 1716 wrote to memory of 1096	1716	Unicorn-33147.exe	44
PID 1716 wrote to memory of 1096	1716	Unicorn-33147.exe	44
PID 1716 wrote to memory of 1096	1716	Unicorn-33147.exe	44
PID 1716 wrote to memory of 1096	1716	Unicorn-33147.exe	44
PID 2148 wrote to memory of 768	2148	Unicorn-56208.exe	45
PID 2148 wrote to memory of 768	2148	Unicorn-56208.exe	45
PID 2148 wrote to memory of 768	2148	Unicorn-56208.exe	45
PID 2148 wrote to memory of 768	2148	Unicorn-56208.exe	45
PID 3064 wrote to memory of 2904	3064	Unicorn-48684.exe	46
PID 3064 wrote to memory of 2904	3064	Unicorn-48684.exe	46
PID 3064 wrote to memory of 2904	3064	Unicorn-48684.exe	46
PID 3064 wrote to memory of 2904	3064	Unicorn-48684.exe	46

C:\Users\Admin\AppData\Local\Temp\9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe
"C:\Users\Admin\AppData\Local\Temp\9b472e052b6696a0c224fc93e0f408a33b09b9a718a577f1ef73177a816a73c3N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33147.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33147.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38591.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        8⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
        8⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        7⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        7⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5752.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
        8⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        8⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        8⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
        7⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        7⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe
        6⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
        7⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        7⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53884.exe
        7⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        6⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
        7⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        6⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
        6⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        8⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        7⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        7⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
        6⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        7⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        7⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
        6⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20615.exe
        6⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
        7⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
        6⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        6⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        6⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
        6⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        6⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        6⤵
        
        PID:300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        6⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45128.exe
        5⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16596.exe
        5⤵
        
        PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33953.exe
        8⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28463.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40134.exe
        7⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        7⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
        6⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        7⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        7⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        7⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
        6⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        6⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        7⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        7⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        7⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
        7⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3842.exe
        6⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
        6⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16571.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        5⤵
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
        6⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
        6⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
        5⤵
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42645.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        5⤵
        
        PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13582.exe
        6⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        6⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
        5⤵
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        5⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        5⤵
        
        PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21622.exe
        5⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
        6⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29325.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
        6⤵
        
        PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        6⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        5⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
        5⤵
        
        PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53724.exe
      4⤵
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        5⤵
        
        PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11092.exe
      4⤵
      PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11261.exe
      4⤵
      PID:5436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50708.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        8⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
        7⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        6⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        7⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
        6⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3894.exe
        6⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33974.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        7⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        6⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        6⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        6⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
        5⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        6⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        6⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        6⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63982.exe
        5⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56128.exe
        5⤵
        
        PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
        5⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
        6⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36313.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47710.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34681.exe
        5⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17567.exe
        6⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        6⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        6⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        5⤵
        
        PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
      4⤵
      PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
      4⤵
      PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38127.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1096
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17844.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43967.exe
        5⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        6⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47222.exe
        6⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        5⤵
        
        PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
      4⤵
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        5⤵
        
        PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        5⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        5⤵
        
        PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
      4⤵
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
      4⤵
      PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53842.exe
      4⤵
      PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56844.exe
      4⤵
      PID:6472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        5⤵
        
        PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        5⤵
        
        PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
      4⤵
      PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
        5⤵
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
      4⤵
      PID:5420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
    3⤵
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8547.exe
      4⤵
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
      4⤵
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
      4⤵
      PID:6172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
    3⤵
    PID:3740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
    3⤵
    PID:4188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5757.exe
    3⤵
    PID:5032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51377.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30558.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1915.exe
        9⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        9⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        8⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        9⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        9⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50455.exe
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        8⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43524.exe
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        7⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61543.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        8⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        7⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        7⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        7⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        7⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38127.exe
        6⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31527.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        6⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        7⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        7⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        7⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44382.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38029.exe
        5⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7070.exe
        6⤵
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        6⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        5⤵
        
        PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38127.exe
        5⤵
        
        PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7127.exe
        6⤵
        Executes dropped EXE
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
        7⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33953.exe
        8⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        7⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
        7⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        7⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        7⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2260.exe
        6⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
        5⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        6⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        6⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        6⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        5⤵
        
        PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        5⤵
        
        PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
        6⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        6⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        6⤵
        
        PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        5⤵
        
        PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42154.exe
        5⤵
        
        PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48170.exe
      4⤵
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
        5⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        5⤵
        
        PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45128.exe
      4⤵
      PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15754.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28243.exe
      4⤵
      PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11261.exe
      4⤵
      PID:5536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2192.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
        7⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        8⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        8⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        8⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2028.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        7⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
        6⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49772.exe
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        6⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32954.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54185.exe
        6⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        7⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        6⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        6⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        5⤵
        
        PID:352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        6⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        6⤵
        
        PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
        5⤵
        
        PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        5⤵
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63481.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        6⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        5⤵
        
        PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
      4⤵
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        5⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        5⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        5⤵
        
        PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
      4⤵
      PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36373.exe
      4⤵
      PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17101.exe
      4⤵
      PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
      4⤵
      PID:6512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44064.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
        5⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40160.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        6⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        6⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        5⤵
        
        PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
      4⤵
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        5⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        5⤵
        
        PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
      4⤵
      PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23732.exe
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
      4⤵
      PID:6496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21963.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        5⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        6⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        6⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        5⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
        5⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        5⤵
        
        PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
      4⤵
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        5⤵
        
        PID:6392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
      4⤵
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
      4⤵
      PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
      4⤵
      PID:6908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
    3⤵
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
      4⤵
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        5⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        6⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
        6⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-783.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48350.exe
        5⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        5⤵
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2028.exe
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
      4⤵
      PID:6900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62819.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36064.exe
      4⤵
      PID:6820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
    3⤵
    PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
      4⤵
      PID:6964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35404.exe
    3⤵
    PID:4268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
    3⤵
    PID:6112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61775.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61775.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
        6⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        6⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        5⤵
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
        5⤵
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        6⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        6⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8204.exe
        5⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63908.exe
        5⤵
        
        PID:7120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31827.exe
      4⤵
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63892.exe
        5⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
        6⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1744.exe
        5⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        5⤵
        
        PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50451.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30675.exe
      4⤵
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
      4⤵
      PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14899.exe
      4⤵
      PID:6648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30904.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25021.exe
        5⤵
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
        6⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        6⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
        5⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
        5⤵
        
        PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
      4⤵
      PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        5⤵
        
        PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
      4⤵
      PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
      4⤵
      PID:5372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
      4⤵
      PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
      4⤵
      PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
      4⤵
      PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33512.exe
      4⤵
      PID:6892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
    3⤵
    PID:2276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
    3⤵
    PID:3728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
    3⤵
    PID:5112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38127.exe
    3⤵
    PID:5392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62654.exe
        5⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49746.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36313.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        5⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        5⤵
        
        PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
      4⤵
      PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        5⤵
        
        PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65070.exe
      4⤵
      PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
      4⤵
      PID:7108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
      4⤵
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        5⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        5⤵
        
        PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
      4⤵
      PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49746.exe
        5⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        5⤵
        
        PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48350.exe
      4⤵
      PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50809.exe
      4⤵
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31827.exe
    3⤵
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48246.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
      4⤵
      PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
      4⤵
      PID:6584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
    3⤵
    PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
      4⤵
      PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51096.exe
    3⤵
    PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27809.exe
    3⤵
    PID:5216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51860.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
      4⤵
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        5⤵
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
        5⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8752.exe
        5⤵
        
        PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
      4⤵
      PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe
      4⤵
      PID:5616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
    3⤵
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
      4⤵
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        5⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        5⤵
        
        PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
      4⤵
      PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
      4⤵
      PID:6940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61542.exe
    3⤵
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34765.exe
      4⤵
      PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6708.exe
      4⤵
      PID:6484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
    3⤵
    PID:4060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
    3⤵
    PID:1484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30670.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30670.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
    3⤵
    PID:1284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30231.exe
      4⤵
      PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
      4⤵
      PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
      4⤵
      PID:5440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52467.exe
    3⤵
    PID:2304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
    3⤵
    PID:3784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
    3⤵
    PID:4800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
    3⤵
    PID:5496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
  2⤵
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
    3⤵
    PID:3724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
    3⤵
    PID:6528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
  2⤵
  PID:3276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58958.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58958.exe
  2⤵
  PID:4128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
  2⤵
  PID:6436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe

Filesize
468KB

MD5
78e8cba35664e57b24337e5d2a5163a4

SHA1
1cf53f9e3e399d1e2fac6289bfae2488887f059b

SHA256
2bbbc821cadb1c63046ab882f6af0216fb5308661e5bcac7370cb3ba55659888

SHA512
21f420e67e5add19d554bc4f166c2f09f556d595a102c51beab6d732fa94587061413b08a0ecb3fe760c5649b965c3f2534a8930f920532e30add3c949720af4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17101.exe

Filesize
468KB

MD5
079b52c804d7bde8b167baffd6647922

SHA1
3f3fc2395104aa5b81d3ea6d054ebe5781041408

SHA256
27fc8f46a4517792fbd43bb9abf0d610176fe4dd02d62bb3e5dec8441d4a9fff

SHA512
eac45cfc90269f9ebc7252c165378fc7677bc98715a6cf74e33ff264a5b850a75cb3a5b0aaceaf2464df9e3bb9284976db167c9694c980e52c917bef84ebddd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe

Filesize
468KB

MD5
23ba902f463d0330a6906e15323f48d5

SHA1
4061aae8f7dc98b5b315ea7379305b9745c92e8a

SHA256
8adefeeebaaf196c9915367241086300c891f79bd6f0f9ba538eadcfc747e2a3

SHA512
13ddcd91845eb53409e82de6034b955a202cf1c14e5fc4e81a42a8fe2d7b7e1f1ed2f088f9a5825303a14c56f1aa8bcef50079a94acb6c4ac1c4e47e9f34f0b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36064.exe

Filesize
468KB

MD5
4c02e94323591d2bda762ab553ad53f2

SHA1
ac1f3750b1b478fb617f17c29b28790ea0f54db2

SHA256
dee1e9ad86d8300fdbd56e6fe89677426280204c6ad2ff390e0397e3b3981e7c

SHA512
65a1313d27c2dba17d23c5f94f525087c5f45c3c9184c1677596361899e8ee3dab450d145ec20d7a62203277fcd81ae4e17b536bb77de14d4645b208760ee636

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe

Filesize
468KB

MD5
c04abeaa0dea23f1b69ebaf4833731a9

SHA1
d7026a2e430984f1a0e36e008d0b40789c42754b

SHA256
7513a3c3e52533af922a9b3f509f4df19110287f8d7b9dcf3fc157161da75d53

SHA512
af242f4707f935cc4ecee8d2b68f7d27beedbaedd4848bf3ceef1b8b12990717d312d3590c63a71719ac9397ea519767bed0c39fa01f6d2f4355f347417e37ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5752.exe

Filesize
468KB

MD5
d968a1a5f36fe5909bed278fa896abbb

SHA1
1b10a2e299a6bed15e2f5a67f7ff91532e7ce871

SHA256
e62fcce65c9e35168c4d3001652298118c2c1a7a3f75289d4f59979a34874182

SHA512
7e15754aee9c416d3f49d3952134abb0ca2a977e0d3e2d7cde69820315b6703ffe330554d4154f2ead9c9e8f182360183e183edb9e92cf1dc1fb05a07e4212a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe

Filesize
468KB

MD5
d03032eca14b5c44f9c4213c69b31ad3

SHA1
c5a693fe2d4fb4b5c1bc1740f6f416a69b34783d

SHA256
fcc33eda6c98396bdebf4485dc705d58cd7d9958bb3e844c00e0e5a00023d994

SHA512
958e3653a82a20ef420ca0368423f68fb4789b69ccbf64995183023dce799afa2d0ac89feed9cb76b2dacb3d16f3a360420145f0fba8e7a9f5f0c126c81ead7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe

Filesize
468KB

MD5
5f83bfe34168b9087f305f3d0678cd42

SHA1
71d1d764970ac9ed1013371e5095240686372c01

SHA256
2b36466ab0c79ca8bf372eb639fdc1009d7efab31cbd89e4a826b9545fd3e414

SHA512
1d24e17fa1f976a839a77e0d6ec95db0b431b976005986c9401be19d90d6203eb9a895f35b0bdedf9b156ef2381f549ee48c4903f3184325089c14f263cbf423

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe

Filesize
468KB

MD5
69f9c191058507d2b51858bc8aea2268

SHA1
6640695528ba12c2db38881f8c8e34b2d772da2f

SHA256
374e9429d43fac422964d29daa8a0b135e35feb1533b0a4ee75fa09065e69b56

SHA512
a8744c79080657466d5a6d4d9f9998805bb92be46d16c31bf5b00c0b99284c6911c662d867bac47b303b24ac64a0137a965e78fa1b0a32d3c539ada5552752b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33147.exe

Filesize
468KB

MD5
bb18a002f873358811b4a9f3ccef9105

SHA1
9f7fab0357878cf5e1d70b365621971c50350450

SHA256
6ea557031448bca4c1ebc1d615ad38c48725f25d14ce15d1c28931db88fb7f53

SHA512
c4a70533b4cf4d34331129eade39d2cd69f2654ff47c85106bbc4d5517e78e24b6e2b21b350017ed26c8b59b2265d26b9384172711fb6d145c8fb6aace5162a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe

Filesize
468KB

MD5
6372ec5dc3e28778a9656271bb401334

SHA1
48af99e93032c6c6c00e492dc3e93eacc67e6eaa

SHA256
e0553c7357ebb7557822a5bd454fccca07c767989c5e20aee1f86e6c760a7a9c

SHA512
6f88dac7e43fc365c688996d1705642a775dc8e3c5cdaabd8ca01fd23b77b940233e648ba4556f622aae303167f490b87f36414bd42ccd19bb1e7da0008d712f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe

Filesize
468KB

MD5
dbbd7423efa2ac8c0d2173768d2c241f

SHA1
dd240afb6bbc30d759f352377fd357829200af27

SHA256
fddc47618779c6368d19f5acaa0ff0502794bed738b90a7fa1d120736f822ad9

SHA512
f57dd0e5e60c1df19e5959b259404294f3c2f4ea7e6a7cb56d99d0b4d03406bca5945fd69c5119e4357e6cf6deec2dd94b2a80316ecc1818440cd5742a89eff1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe

Filesize
468KB

MD5
434ee7f86eeafcd0cbdfdb3283704694

SHA1
e9482106e007f35123da62809155f0fd0aaefe39

SHA256
0b84ac00334e98efce4bedc5b3adaa377b2628ca5225ab89632a91b7c2a3fcdc

SHA512
16ef3621d9f4b5b8c4b4fe29625656e58e8e6fc891aec64dd9b0ad3fccd29e70b0f0957dd3feb3640d53695785c96296fb9c6248d17bf718e6f243d385d78e72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44064.exe

Filesize
468KB

MD5
ae1e339d2dc774460b1a607784001e64

SHA1
f7d6b6d2035ce4f76f02f39b2f98802361bcdc74

SHA256
b99e6f6204dfe5cf70039acae45e1beb07ba0d9d537c9240d4b74eb74ab0af42

SHA512
db83bd4c4d8b67747ac9ae41560d61396d7b3176bc86f098423a428b6edd0e1353d8ac4fb25aadb79277a40593428d3ec7ecb482582f3565cab2286a9b7634b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe

Filesize
468KB

MD5
4dcd7ff92d09155fcadf0411390e4179

SHA1
87a89c84477876b74bfe2f6936ffddc2c6ca3e9e

SHA256
7151c3739047f0b01fc8acd0fe74b7f0edeed22d343c1b52ee4de5cc6f61d779

SHA512
59d6f57f6f1c55c94596aec13f3600145cb7cb5a84a45c955d27d915cc52952d66dbba3da042586cab6eca12da05c2a9a58a1fb9bf14ce3e1bb96c7caab86de5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe

Filesize
468KB

MD5
e8100dcf57ad675f07d66ea11089f3f2

SHA1
f84f8bf4fc58cef9064b812b17466305e6e7cd17

SHA256
69ba657b148686202d63505fbc04758642e7b2b16486b697f1a9596fc846a735

SHA512
c002dfbe665436694b73996785aa750fc0d043bc19a3478ac327794a22739d6bb9edb3f0b32a0f2b2bead3f72ed1012a991c962b7fb524f4d8c1d2300116c9a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51377.exe

Filesize
468KB

MD5
327e46d9a3e0a609c655239fecb11236

SHA1
35e927bd3cf2dc51227f522624de622970677696

SHA256
13cd8cd723740286689028addb420a2f868b66d93e4a4f669b02176cc053ccba

SHA512
064b85d3efab0b0cd4e30530b7d2f9a2bdd369228abb8f7171ae6b1d2aca44b8b7e0e73fdce9bb9928c90196c6758d9dbf97f4fdf764aa243a1f8241d284c438

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61775.exe

Filesize
468KB

MD5
e38d82651af62a5f8aeb797b72395e50

SHA1
09591098ea7681b8aa11e189fe1e15f4de4ceb74

SHA256
6aef6da85fb6a9f0636d2edc24d4d5d21eaf069b966bb5df8906f5c78422fd39

SHA512
c51f51ea0c7cd695bf9253b2b9cebaac9e70d8247e91f4811bcbd962156a7ed7f7064f8fd3554e654a88172150cfc0eb0f7752b967fb99aeb07fa215e5b66a84

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe

Filesize
468KB

MD5
ae19ca8df0a2e838599c9ac69c4a21f1

SHA1
48c228f65c86956a742a7659964ab6210e0ef775

SHA256
27161eba0854a038531a7ec98211cee1d6588fb250075a9292719b32b14d7b2e

SHA512
9394be4116652f3f1257961189c5e2ff1cc42ecfd1ee4308b1670de19968289e43e322b443b87e7784267037d7984dd24a216ea2d6a867375e0ce1ce30a687d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe

Filesize
468KB

MD5
103e5be56bb984e13e024641bd16e3a9

SHA1
27d75366e39f33b74d47f6866a1c739e95878a26

SHA256
896c6e3a2c68fd1e0984a8a75f8f2afaeb43ba83ddd67fd814d5783bc88fe591

SHA512
5577ed82e45d88081771a8edcba71085363cc85d7c06460f1aa70cae9706acba57567d43b58cf7b658655f53686bc765ce885f5f76137afcd44bc37cae7fd88f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe

Filesize
468KB

MD5
27fb2cb08b3b7c8c6f0ea913649a1633

SHA1
3e5e8a1c2b7f0766ba6269fbc032a2740271aab1

SHA256
44d077f888ad5329a853237fd02e6e20d28e9143bd38032a653718af422ecdc1

SHA512
6bddb53a7f529b4416d287de6518149be99239c9922bec0bf7b8c795bdedbdddd60b98e50b573f732db7f6c253b0fb92879c77132ed3dd23c6b1d5836e013aee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-910.exe

Filesize
468KB

MD5
01faa45c22302a25c7c94580cc8534de

SHA1
94849d0f4ca1907534ab38a6ffab9c07179a9564

SHA256
0cf46a862258ed8d44e0bef8fd7965190f19b90315637c19702a880d8ba61b8e

SHA512
6abc4a1c4ede90ad657c52943c2951b70a8d0134b18e025bfeb180c5236f5f92d551049670e3420514d846f4069fc6eef6bff2bf18c6331a7db77cf31b6bf17f

Download Submit