bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe
Size

468KB
MD5

1b51b5ee73287387c26fb6e1ab933716
SHA1

0e92e3d0a00143caaf38b979f7125774cbb32a25
SHA256

bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e
SHA512

d4016468066d9a36dfcde20ffe070f03ef857663e49f4f96033d6d5915f060ec1bf0c2c75185543ff813a1478f270fff0ce54fde921ccf11b48d7ca9c4884451
SSDEEP

3072:lGoHogIKI05TkbqNHzcOcfr/zChJn7p0nLHeaVPpFf9LOCMg/Slg:lGIoD8Tk0H4OcfQFV4Ff59Mg/

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2364	Unicorn-23419.exe
2380	Unicorn-59086.exe
2792	Unicorn-39028.exe
1844	Unicorn-49904.exe
2936	Unicorn-63841.exe
764	Unicorn-33075.exe
2940	Unicorn-34646.exe
3068	Unicorn-52271.exe
1720	Unicorn-56806.exe
2444	Unicorn-11461.exe
2244	Unicorn-57133.exe
2920	Unicorn-44902.exe
2624	Unicorn-9349.exe
2872	Unicorn-941.exe
2344	Unicorn-28591.exe
612	Unicorn-14352.exe
2144	Unicorn-48186.exe
2352	Unicorn-25622.exe
1632	Unicorn-25622.exe
2820	Unicorn-10364.exe
1612	Unicorn-30230.exe
2092	Unicorn-29965.exe
1852	Unicorn-62710.exe
1728	Unicorn-23741.exe
1008	Unicorn-10774.exe
1948	Unicorn-30640.exe
1332	Unicorn-62631.exe
2156	Unicorn-3224.exe
2016	Unicorn-51610.exe
2100	Unicorn-5938.exe
2664	Unicorn-36368.exe
1804	Unicorn-33645.exe
1500	Unicorn-44724.exe
2496	Unicorn-16536.exe
1604	Unicorn-24894.exe
2220	Unicorn-22130.exe
2160	Unicorn-41563.exe
2828	Unicorn-52332.exe
2776	Unicorn-46966.exe
2972	Unicorn-9675.exe
2608	Unicorn-23276.exe
1824	Unicorn-31305.exe
2960	Unicorn-46022.exe
2628	Unicorn-46022.exe
2384	Unicorn-46022.exe
952	Unicorn-46022.exe
2552	Unicorn-46022.exe
1732	Unicorn-46022.exe
2956	Unicorn-46022.exe
1940	Unicorn-46022.exe
2228	Unicorn-46022.exe
3060	Unicorn-46022.exe
2064	Unicorn-25824.exe
616	Unicorn-8035.exe
1756	Unicorn-63602.exe
1140	Unicorn-17882.exe
2900	Unicorn-10788.exe
1964	Unicorn-4923.exe
3000	Unicorn-56725.exe
2488	Unicorn-4923.exe
2676	Unicorn-4923.exe
304	Unicorn-39455.exe
2412	Unicorn-39720.exe
1548	Unicorn-33589.exe

Loads dropped DLL 64 IoCs

pid	Process
2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe
2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe
2364	Unicorn-23419.exe
2364	Unicorn-23419.exe
2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe
2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe
2792	Unicorn-39028.exe
2792	Unicorn-39028.exe
2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe
2364	Unicorn-23419.exe
2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe
2364	Unicorn-23419.exe
2380	Unicorn-59086.exe
2380	Unicorn-59086.exe
2936	Unicorn-63841.exe
2936	Unicorn-63841.exe
2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe
2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe
2380	Unicorn-59086.exe
764	Unicorn-33075.exe
1844	Unicorn-49904.exe
764	Unicorn-33075.exe
2380	Unicorn-59086.exe
1844	Unicorn-49904.exe
2940	Unicorn-34646.exe
2940	Unicorn-34646.exe
2792	Unicorn-39028.exe
2364	Unicorn-23419.exe
2364	Unicorn-23419.exe
2792	Unicorn-39028.exe
1720	Unicorn-56806.exe
1720	Unicorn-56806.exe
2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe
2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe
2872	Unicorn-941.exe
2872	Unicorn-941.exe
2624	Unicorn-9349.exe
2624	Unicorn-9349.exe
2940	Unicorn-34646.exe
2940	Unicorn-34646.exe
2344	Unicorn-28591.exe
2344	Unicorn-28591.exe
2364	Unicorn-23419.exe
2364	Unicorn-23419.exe
3068	Unicorn-52271.exe
3068	Unicorn-52271.exe
2792	Unicorn-39028.exe
2792	Unicorn-39028.exe
2936	Unicorn-63841.exe
2244	Unicorn-57133.exe
2936	Unicorn-63841.exe
2244	Unicorn-57133.exe
2380	Unicorn-59086.exe
2920	Unicorn-44902.exe
2380	Unicorn-59086.exe
2920	Unicorn-44902.exe
1844	Unicorn-49904.exe
1844	Unicorn-49904.exe
2444	Unicorn-11461.exe
2444	Unicorn-11461.exe
764	Unicorn-33075.exe
764	Unicorn-33075.exe
612	Unicorn-14352.exe
612	Unicorn-14352.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2788	2900	WerFault.exe	85

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36693.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43696.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe
2364	Unicorn-23419.exe
2380	Unicorn-59086.exe
2792	Unicorn-39028.exe
2936	Unicorn-63841.exe
1844	Unicorn-49904.exe
2940	Unicorn-34646.exe
764	Unicorn-33075.exe
3068	Unicorn-52271.exe
1720	Unicorn-56806.exe
2872	Unicorn-941.exe
2344	Unicorn-28591.exe
2244	Unicorn-57133.exe
2920	Unicorn-44902.exe
2444	Unicorn-11461.exe
2624	Unicorn-9349.exe
612	Unicorn-14352.exe
2144	Unicorn-48186.exe
2352	Unicorn-25622.exe
1632	Unicorn-25622.exe
2820	Unicorn-10364.exe
1852	Unicorn-62710.exe
1612	Unicorn-30230.exe
1728	Unicorn-23741.exe
1008	Unicorn-10774.exe
1948	Unicorn-30640.exe
1332	Unicorn-62631.exe
2156	Unicorn-3224.exe
2100	Unicorn-5938.exe
2016	Unicorn-51610.exe
2092	Unicorn-29965.exe
2664	Unicorn-36368.exe
1804	Unicorn-33645.exe
1500	Unicorn-44724.exe
2496	Unicorn-16536.exe
1604	Unicorn-24894.exe
2220	Unicorn-22130.exe
2160	Unicorn-41563.exe
2828	Unicorn-52332.exe
2776	Unicorn-46966.exe
2972	Unicorn-9675.exe
2608	Unicorn-23276.exe
2960	Unicorn-46022.exe
1824	Unicorn-31305.exe
3060	Unicorn-46022.exe
2628	Unicorn-46022.exe
952	Unicorn-46022.exe
2228	Unicorn-46022.exe
1940	Unicorn-46022.exe
2384	Unicorn-46022.exe
2552	Unicorn-46022.exe
2956	Unicorn-46022.exe
1732	Unicorn-46022.exe
2064	Unicorn-25824.exe
616	Unicorn-8035.exe
1756	Unicorn-63602.exe
304	Unicorn-39455.exe
2676	Unicorn-4923.exe
3000	Unicorn-56725.exe
2488	Unicorn-4923.exe
1140	Unicorn-17882.exe
2412	Unicorn-39720.exe
1548	Unicorn-33589.exe
2900	Unicorn-10788.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2364	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	29
PID 2260 wrote to memory of 2364	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	29
PID 2260 wrote to memory of 2364	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	29
PID 2260 wrote to memory of 2364	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	29
PID 2364 wrote to memory of 2380	2364	Unicorn-23419.exe	30
PID 2364 wrote to memory of 2380	2364	Unicorn-23419.exe	30
PID 2364 wrote to memory of 2380	2364	Unicorn-23419.exe	30
PID 2364 wrote to memory of 2380	2364	Unicorn-23419.exe	30
PID 2260 wrote to memory of 2792	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	31
PID 2260 wrote to memory of 2792	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	31
PID 2260 wrote to memory of 2792	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	31
PID 2260 wrote to memory of 2792	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	31
PID 2792 wrote to memory of 1844	2792	Unicorn-39028.exe	32
PID 2792 wrote to memory of 1844	2792	Unicorn-39028.exe	32
PID 2792 wrote to memory of 1844	2792	Unicorn-39028.exe	32
PID 2792 wrote to memory of 1844	2792	Unicorn-39028.exe	32
PID 2260 wrote to memory of 2936	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	33
PID 2260 wrote to memory of 2936	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	33
PID 2260 wrote to memory of 2936	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	33
PID 2260 wrote to memory of 2936	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	33
PID 2364 wrote to memory of 2940	2364	Unicorn-23419.exe	34
PID 2364 wrote to memory of 2940	2364	Unicorn-23419.exe	34
PID 2364 wrote to memory of 2940	2364	Unicorn-23419.exe	34
PID 2364 wrote to memory of 2940	2364	Unicorn-23419.exe	34
PID 2380 wrote to memory of 764	2380	Unicorn-59086.exe	35
PID 2380 wrote to memory of 764	2380	Unicorn-59086.exe	35
PID 2380 wrote to memory of 764	2380	Unicorn-59086.exe	35
PID 2380 wrote to memory of 764	2380	Unicorn-59086.exe	35
PID 2936 wrote to memory of 3068	2936	Unicorn-63841.exe	36
PID 2936 wrote to memory of 3068	2936	Unicorn-63841.exe	36
PID 2936 wrote to memory of 3068	2936	Unicorn-63841.exe	36
PID 2936 wrote to memory of 3068	2936	Unicorn-63841.exe	36
PID 2260 wrote to memory of 1720	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	37
PID 2260 wrote to memory of 1720	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	37
PID 2260 wrote to memory of 1720	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	37
PID 2260 wrote to memory of 1720	2260	bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe	37
PID 764 wrote to memory of 2444	764	Unicorn-33075.exe	39
PID 764 wrote to memory of 2444	764	Unicorn-33075.exe	39
PID 764 wrote to memory of 2444	764	Unicorn-33075.exe	39
PID 764 wrote to memory of 2444	764	Unicorn-33075.exe	39
PID 2380 wrote to memory of 2244	2380	Unicorn-59086.exe	38
PID 2380 wrote to memory of 2244	2380	Unicorn-59086.exe	38
PID 2380 wrote to memory of 2244	2380	Unicorn-59086.exe	38
PID 2380 wrote to memory of 2244	2380	Unicorn-59086.exe	38
PID 1844 wrote to memory of 2920	1844	Unicorn-49904.exe	40
PID 1844 wrote to memory of 2920	1844	Unicorn-49904.exe	40
PID 1844 wrote to memory of 2920	1844	Unicorn-49904.exe	40
PID 1844 wrote to memory of 2920	1844	Unicorn-49904.exe	40
PID 2940 wrote to memory of 2624	2940	Unicorn-34646.exe	41
PID 2940 wrote to memory of 2624	2940	Unicorn-34646.exe	41
PID 2940 wrote to memory of 2624	2940	Unicorn-34646.exe	41
PID 2940 wrote to memory of 2624	2940	Unicorn-34646.exe	41
PID 2364 wrote to memory of 2872	2364	Unicorn-23419.exe	43
PID 2364 wrote to memory of 2872	2364	Unicorn-23419.exe	43
PID 2364 wrote to memory of 2872	2364	Unicorn-23419.exe	43
PID 2364 wrote to memory of 2872	2364	Unicorn-23419.exe	43
PID 2792 wrote to memory of 2344	2792	Unicorn-39028.exe	42
PID 2792 wrote to memory of 2344	2792	Unicorn-39028.exe	42
PID 2792 wrote to memory of 2344	2792	Unicorn-39028.exe	42
PID 2792 wrote to memory of 2344	2792	Unicorn-39028.exe	42
PID 1720 wrote to memory of 612	1720	Unicorn-56806.exe	44
PID 1720 wrote to memory of 612	1720	Unicorn-56806.exe	44
PID 1720 wrote to memory of 612	1720	Unicorn-56806.exe	44
PID 1720 wrote to memory of 612	1720	Unicorn-56806.exe	44

C:\Users\Admin\AppData\Local\Temp\bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe
"C:\Users\Admin\AppData\Local\Temp\bf5881aaf99cbfb3888f01927e13fd83b3061a34e61fb5d7373e4c10fe257b7e.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59086.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33075.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5938.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9675.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        9⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
        9⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13335.exe
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44602.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        8⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
        8⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2833.exe
        7⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24656.exe
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        8⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17183.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        7⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        7⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25092.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        7⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
        7⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe
        6⤵
        
        PID:296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        6⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        6⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        6⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61405.exe
        7⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        7⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        6⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37227.exe
        6⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4923.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        6⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12721.exe
        6⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        5⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
        5⤵
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30640.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44854.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe
        7⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        7⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        6⤵
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        6⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
        6⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63151.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        6⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        6⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49472.exe
        5⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35746.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
        5⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51747.exe
        5⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        5⤵
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48006.exe
        6⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        6⤵
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
        6⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
        6⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        6⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
        6⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        5⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        5⤵
        
        PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50846.exe
        5⤵
        
        PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
      4⤵
      PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
      4⤵
      PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
      4⤵
      PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
      4⤵
      PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
      4⤵
      PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47310.exe
      4⤵
      PID:5500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25622.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43841.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        7⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
        6⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46784.exe
        6⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34802.exe
        6⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        6⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46966.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7457.exe
        6⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        7⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21842.exe
        7⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
        6⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46598.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25007.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34802.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        6⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        5⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16135.exe
        6⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
        6⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        5⤵
        
        PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
        5⤵
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29275.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
        5⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
        5⤵
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
        6⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
        6⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        6⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
        5⤵
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        5⤵
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
        5⤵
        
        PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4923.exe
      4⤵
      Executes dropped EXE
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16135.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51609.exe
        5⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        5⤵
        
        PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
      4⤵
      PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
      4⤵
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
      4⤵
      PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
      4⤵
      PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
      4⤵
      PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2501.exe
      4⤵
      PID:5728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25622.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        6⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        7⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
        7⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53718.exe
        6⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        6⤵
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
        6⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62112.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
        6⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21724.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19427.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3259.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34444.exe
        6⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
        5⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        5⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        5⤵
        
        PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41563.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
        5⤵
        
        PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
        5⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64713.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        5⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
        5⤵
        
        PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
      4⤵
      PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11335.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
      4⤵
      PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
      4⤵
      PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
      4⤵
      PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
      4⤵
      PID:5616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
        5⤵
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        5⤵
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11809.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        5⤵
        
        PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
      4⤵
      PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
      4⤵
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
      4⤵
      PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
      4⤵
      PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
      4⤵
      PID:5196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
      4⤵
      PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
      4⤵
      PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
      4⤵
      PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
      4⤵
      PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
    3⤵
    PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
    3⤵
    PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
    3⤵
    PID:3516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
    3⤵
    PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
    3⤵
    PID:4676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
    3⤵
    PID:5160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47310.exe
    3⤵
    PID:5404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39028.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39028.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3224.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57307.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41657.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        7⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        6⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        6⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
        6⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
        6⤵
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
        6⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        6⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36693.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
        5⤵
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        5⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        5⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        5⤵
        
        PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
        6⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        6⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
        6⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        6⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
        6⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
        5⤵
        
        PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53026.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
        5⤵
        
        PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15382.exe
        5⤵
        
        PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
      4⤵
      PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
      4⤵
      PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
      4⤵
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
      4⤵
      PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
      4⤵
      PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
      4⤵
      PID:5740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30230.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48686.exe
        6⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
        6⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
        6⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        6⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe
        5⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        5⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
        5⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        5⤵
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
        5⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
      4⤵
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49178.exe
        5⤵
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
        5⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
        5⤵
        
        PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
      4⤵
      PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48621.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
      4⤵
      PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
      4⤵
      PID:5288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16135.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1360.exe
        5⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34444.exe
        5⤵
        
        PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
      4⤵
      PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
      4⤵
      PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
      4⤵
      PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
      4⤵
      PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
      4⤵
      PID:5604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10788.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2900
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
      4⤵
      Program crash
      PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
    3⤵
    PID:3192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
    3⤵
    PID:3696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
    3⤵
    PID:4172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe
    3⤵
    PID:4644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
    3⤵
    PID:5140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
    3⤵
    PID:5316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62710.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
        6⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57272.exe
        6⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        6⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46068.exe
        6⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
        6⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        5⤵
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        5⤵
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49734.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
        5⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
        5⤵
        
        PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54443.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44480.exe
        5⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        5⤵
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27595.exe
      4⤵
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7547.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        5⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
        5⤵
        
        PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
      4⤵
      PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
      4⤵
      PID:5872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        5⤵
        
        PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe
      4⤵
      PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46784.exe
      4⤵
      PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
      4⤵
      PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
      4⤵
      PID:5124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4923.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
      4⤵
      PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46068.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
      4⤵
      PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
      4⤵
      PID:5980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
    3⤵
    PID:1528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
    3⤵
    PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
    3⤵
    PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
    3⤵
    PID:5176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14352.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33645.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
        5⤵
        
        PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
        5⤵
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        5⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65143.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        5⤵
        
        PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60865.exe
      4⤵
      PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
      4⤵
      PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
      4⤵
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46598.exe
      4⤵
      PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
      4⤵
      PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
      4⤵
      PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
      4⤵
      PID:5508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44724.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
      4⤵
      PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
      4⤵
      PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
      4⤵
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
      4⤵
      PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
      4⤵
      PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe
      4⤵
      PID:5452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
    3⤵
    PID:2348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17937.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18001.exe
    3⤵
    PID:3304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25067.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
    3⤵
    PID:4620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
    3⤵
    PID:5780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
    3⤵
    PID:5384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48186.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48186.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
      4⤵
      PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
      4⤵
      PID:980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19324.exe
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
      4⤵
      PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
      4⤵
      PID:5588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
    3⤵
    PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46784.exe
    3⤵
    PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
    3⤵
    PID:1188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
    3⤵
    PID:3536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
    3⤵
    PID:4440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
    3⤵
    PID:5812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
    3⤵
    PID:960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
    3⤵
    PID:4040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
    3⤵
    PID:3776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
    3⤵
    PID:5064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46538.exe
    3⤵
    PID:4472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
    3⤵
    PID:5492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
  2⤵
  PID:1392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
  2⤵
  PID:1908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
  2⤵
  PID:3664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
  2⤵
  PID:4872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5560.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5560.exe
  2⤵
  PID:5864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
  2⤵
  PID:5724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14352.exe

Filesize
468KB

MD5
6d9c709c921751c80ba18e2adcd2dae7

SHA1
b1580e09efa211cf0d747a1c8b6c429616627bc6

SHA256
07f783996afae5fa4591fe646b9d5ba88ea809ba657d5aecd15bcc0a6a85b814

SHA512
e88429ea058b6b8aa06f0f25f07baf18dd50fb10d0b65b8aa67da26eeb4c3432af7eb56f06c2224cbf171c7667fd0ccfba4ee5541d27ea16272eea59e6ea1918

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25622.exe

Filesize
468KB

MD5
bab4af42d5d555931f5f882515f12723

SHA1
6d87e5280cd890d5ee98c795eb23fe20a8c35862

SHA256
3ae9b56e0de3832d31d573357ce13bedf4ad359c6157f9f57ee420e3008106b8

SHA512
625435c92cbe12e51ab8e1808e59dc022ca3b7c93c3f0806c194206ab825432d51516d86cb8256f5dfcdc17e06d35e9e4e36e795ebf4e65ab2c46ecdbc69c603

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe

Filesize
468KB

MD5
df7e9a562696ca0f6d5bd30c1e574c35

SHA1
a6710b9e29686e254e5b3e33aa2a88c8b00d6348

SHA256
c6f8e0bc7c40c5e626fc47e2b2f7df733c2148a61ca75233e441fef44c971bcf

SHA512
d99a0c0b3101ea8bd1573be462412c81c6e26f8e682fbd0ca81a2599643372a10e35cd0c15c973a80e1498cb8a3a410732193a0c3b1fe7d395bbe217f4d7d995

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe

Filesize
468KB

MD5
ab51d4e2d9c99ef61d6c1061fa8254b4

SHA1
e3f56e346008f65147d35fc6549928b8550196bf

SHA256
49b1bf2bf08a3ccf7a6e040b2cd5b5d64f16bf3e1ef7e39a46de09d1fa961bc7

SHA512
be970aed90b22642aee35a2c28a9b952ebf1bf0b91b375a5bad2d02d4f4e7a55bd4bfef2caf58c88a38d8d5b387b2bebf28698379fa12cc323e7643b329b828a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe

Filesize
468KB

MD5
7a00057187ae59c938d50f74f0822765

SHA1
f6d632711745272c861432388781e555288f740f

SHA256
427989837b4951fdbeb84b8da916db662f1648c2eff8810fa4b2573e1fa72db1

SHA512
9277f5dd4271f4a6e70a0e5087d6e4e3b116bd475706aa47b0db79caa2ee28bc75306372e5a94b25e860179c0f2e159c6da4e8eda26c8178361e6e18e8adbd9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe

Filesize
468KB

MD5
e775c9d2c778f38ed38186bebd6fab0d

SHA1
a34b67159097de96b656b1f3c86ed8d3ffa63b5f

SHA256
620efb2cf3cef11a9cd761e1c5d50a7b4e9f93556707bc0fc53e55c2eaef1a95

SHA512
0720eb187f2500577c7ab22783dafbc0fdbd7efc3fb32c490e22c2be9f465fdd61b12f2d78b0f5a4be016754a71b0eddd01e68aa22d0e5668e1009ac294c1f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe

Filesize
468KB

MD5
a3cde2dba59d95c367cfecb0ff4bef7e

SHA1
d1ed9ec71810f517f5b7225cc74a78aea9f2fc6c

SHA256
dc74291b88e724c588a8adaeea8381b064a254824dd886966c62b41ac6d5648e

SHA512
d3dde4040c7ec20c270a53d4cebf91d01484a22f70fda666a6f7f5d24572739565506ee6484f5c2c474f3b019e03c8412e4994a45149db316cc2b37a8f01311d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe

Filesize
468KB

MD5
6d2b1906883ff68e4ca367deaa1b9b3d

SHA1
8bfa6b05c64a2caa33dca19a843176bb621b54ab

SHA256
fcd60e01a016700679a452b69a4317ef3754363359d054fbbb46ed6bac3f5924

SHA512
a52bbe2e4afeaf0e56bd982b3ab00e57db8cf2b070a276f237782418f888a33f5e898e9bed0cab1ba151fa1ef79508f91ea06488d910a406a5fd26bd2b3c23bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe

Filesize
468KB

MD5
6356a777fc24453291643f8e02848db8

SHA1
eb35dab92e1aa4bb2ac18018a771f9baab4c2422

SHA256
bb17b660e94bd3ac1b1da83ce3ccf67c43c3f266b139d7086d3e186f7815bd54

SHA512
9aa3045a06ba1943e5f1f9d56705e7373df599597ff2508c08fee989c8a5655676d57a2ab23aab319b52e8088cc8a3841f92cd958c87daedf9fd56049b849369

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5938.exe

Filesize
468KB

MD5
167903de5a222ec8cbcc30c53180f646

SHA1
34e3487d5816bf5e547d8627a6b4847d2b85e1d2

SHA256
42c279084979f2d2eeac3497c71ef300d7aecc32469fdd6c113767e13957fa8e

SHA512
d3899a18d494211062bf776fcf1dc6b446f21e57d3c9c57449e0d08065119a1d5cf0fd622970b8e1ea8df6963386d805cd25fa4b3fe2221e8cda12cc74e254a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe

Filesize
468KB

MD5
490fea91e3f09d41c8f7c16443652a14

SHA1
4a2861a5f9117128f2aaccf3607343f6a0aea865

SHA256
a38b89330f1a50fbb3dfd76d24207db88bc0626d5ff55704a7bc85b74e998f20

SHA512
7245146ab3770bb06102b454c3386e127c128f6734bff8f7c3c8149dd858bbbe01c94882ff884de8d64c46e2460414e004c96cac10a1112eae8bb9ba0269ad47

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe

Filesize
468KB

MD5
70d04bede3edd4a74e280544ea88e60a

SHA1
6a601d5244e5885beb4005c388e4d0adb3b27175

SHA256
7bd57fa340300bcd06695b3938153d2c870ae8cd6a065379e4fa53cb59e99803

SHA512
b1ead23e91fd4a834823587641c5b57493442b310e7d5da3ef41e893eaf987f95188b1a47d1a113c8111405465d5a94c029c2a567529d9e7bc542832ca21684f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe

Filesize
468KB

MD5
5e10e18ea5027dc31b1207ca82d78893

SHA1
d617f835eca71aa644e05b2c7ef62b333a8bae73

SHA256
426823ab1f7af17d7f67308e5e3c7726c2266e09d7f11d72585e1a373f6146a0

SHA512
c4e305326a50d6c867f6dec7603fa4c850555aaf128dd26984c83db8365a306a53d749b7ae632bb503d6b9e7c3642b9f084f90d73fcbd934f3115d1a5307ebda

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33075.exe

Filesize
468KB

MD5
c7bb18c1dd1fdb2eb4c728f8fa08579b

SHA1
cba217570e1f2409ef570028eaddbd32f9630010

SHA256
f2b5fd4810f7c65bafc066eebb0071c1dcb86a73b1bc46a4e500eb18f6828cce

SHA512
3d896b96d926aae0ee4d96c92fd1ea03be34e2474ccb9c8eb59e069f5d2f0d94207ea4aaa65a3220cabd0cedb65e3b47f5264ada2d92b8c31907f714a2305fc5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39028.exe

Filesize
468KB

MD5
26342aab1ba4b856d5388068087dd403

SHA1
7541f51d79629038e83f4f469ffff318ad0ed05d

SHA256
55b1a5df777a004773e6c57805c781b9a00c6842e7406add0d1e25dca0fdd091

SHA512
9765b746d9b9dce23ee3ff58f5a36ba7325c7d1670f3d696382412633c40fbb48ecef05b1113dd0a1ee6aec1271e0251ab2204f4dd8d07ecf22783c8cb589b63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48186.exe

Filesize
468KB

MD5
a45ab5fefc2de9cdc337bc44d457b30f

SHA1
88cd61670076c6f7ece600a3c67dfa1970ad06dc

SHA256
641bb23ef543b6750237c9d4c73d36f506729b43ac0f080117af2b68084996bb

SHA512
f1c619704300da7c25c782ef6541e0c9a8e0e24f6a84e824ae8f2c8e21953c8ce3e0280579b8a9d87b3da82d5444a764cc9262b75f77898b54343a310701e7e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe

Filesize
468KB

MD5
2421b4395ada85a17d33d8cb082968b9

SHA1
f8804a1a3ea951aec3c9f0b13638b0dc6c7024d2

SHA256
062be10abf768327e2371fb3c0feb3ed0ea0220cdc455ad7df1ce264d23c8939

SHA512
055169ca6ad9ddd971438887ea19b8e127fe27d686b23efa30232ba7bf8a3da25f09ac67ad2b5e9611f1c41fc53a6f026c23071bd6f46335357f26d96a36ba6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe

Filesize
468KB

MD5
13bd74a27ac15e0d7c26dbab057e9a84

SHA1
c462725bc30ca76a5c2ff45f2e7840b325e1ebd0

SHA256
4bef3c2be5f99af29f3e3bb60f3413874834e5f71b1f7b55be6a6df4ea2d486e

SHA512
19bf443fc93a3a09d21ee8fadb19d9411898400fa0543e320e032f511cd975733a095b8574192de240e5881ce93c18349fadba8c1df64a1f78a9aa00fd4d501f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe

Filesize
468KB

MD5
089c4501913aaa9377ff30cb2670c94c

SHA1
ac06d68e6e58349cb65e85c7880145414739284b

SHA256
c30e3da4602cb8871b617aaab54d2696df649cbab7585afbc694106f59a79696

SHA512
bf32295232ada7c20191b3272d0f23b077a5ae89ecde7fc7c73e4c80620e57b27e68a272bbc3dc1900f5bdeb3e1d6af42641450eda031012b777619372e3a7bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59086.exe

Filesize
468KB

MD5
bf4a43946aa575c0c3789e3d3133c729

SHA1
b26f5cc7200c2a07f98479a7c22761dd0100dc60

SHA256
4246068101af6795a530e10696d022a36d9d81ad46f234da129a60a4f9d502fc

SHA512
7c865908103ca4c6f30a297a6a7284720936ef4fbd2be62b8c84f38c5cf889a619cee2c674aa99825812aacc7dff154c6b961de0138bc4b92ad47409d8f6f351

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe

Filesize
468KB

MD5
f1cf4e12630e0ee80fb0b29725e50a32

SHA1
a372ab665b9befcb583cde61ade3ed7d9cd02ab3

SHA256
4d234eeaf8881fb744c7ccd78715c2e1c28e7a4c2a06d25b8851a3cefac529f6

SHA512
dc4fe7f4ccb9b6a344e0e126dba6f7b841465fc5301e2dfb3da90c7863bd54fda92455e20f9c1172ec1acc9ef46e3f25181f6391cc32d257e3ff2c995035e5be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe

Filesize
468KB

MD5
5dff5a8ee7e02328f32900aa93f18558

SHA1
b733ed950398681f25cbb78e8f1f4378ecbe88f8

SHA256
969cebe8fbef454ca0c884f8ac56b3f98049501bed25320895e8e44c690ad46a

SHA512
71d9cc3b7bc378f9db68d9331d3f8ad74ff8688ab5bce108e9d4c4bfbcc7d96348b3ac2fedfa1e1cb1d3964d077782f461e6f3464443e3dabbc219376bc77063

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-941.exe

Filesize
468KB

MD5
a5cfb8521de83699ba62ac18c99a16ae

SHA1
c0b3aa8c1b6e2cd6ccb2e789314377958379685c

SHA256
5df1c92a8f9c898b3c3836dfd25c9042f228592c2d22dd8910c852c19c3f2864

SHA512
7718f1096c6edd20ff9f198c8cbf12a779918579beb1f6a13b199c70385baa0e9b7ff559d545fd83d747d4664991087201ed66ac5b84f04b702d73c36a5cd7b7

Download Submit