cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14be

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe
Size

468KB
MD5

85eb2e65cbbf087f6c12f762e7235c90
SHA1

8c8a59fd5dbfb37c8f27e03b19ccbf7f2bc204a8
SHA256

cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14be
SHA512

4c06afeb69c5fcbba51c3689a1017e5c5c15fab96f3f7074f827ee9ab829a8529d7e866322ec5086da76543f5f9f2560ba6982f7c089ee3e1fe3cd8e99215ed4
SSDEEP

3072:BqFbo4L+je8RBbYkPz5jofLcnst4IpPnZHqkVWsnN4xaj9vLNqyl:BqhonvRB3P1jof+040N4xUhLNq

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
288	Unicorn-7595.exe
2008	Unicorn-43937.exe
2916	Unicorn-48960.exe
2892	Unicorn-14082.exe
2784	Unicorn-51586.exe
2760	Unicorn-54347.exe
2636	Unicorn-59400.exe
2180	Unicorn-23402.exe
820	Unicorn-59604.exe
1152	Unicorn-59879.exe
2856	Unicorn-11254.exe
2524	Unicorn-5198.exe
2988	Unicorn-23572.exe
300	Unicorn-50870.exe
1644	Unicorn-21653.exe
2128	Unicorn-9173.exe
2152	Unicorn-27739.exe
532	Unicorn-30889.exe
2572	Unicorn-59264.exe
1568	Unicorn-13976.exe
680	Unicorn-32102.exe
2040	Unicorn-36099.exe
2024	Unicorn-2082.exe
2556	Unicorn-4312.exe
2500	Unicorn-2466.exe
1288	Unicorn-2201.exe
1672	Unicorn-9217.exe
1704	Unicorn-53971.exe
2732	Unicorn-20016.exe
2920	Unicorn-39882.exe
2968	Unicorn-34344.exe
3024	Unicorn-5201.exe
2656	Unicorn-21159.exe
2736	Unicorn-5393.exe
2664	Unicorn-34619.exe
2592	Unicorn-54485.exe
2608	Unicorn-54485.exe
2396	Unicorn-54220.exe
548	Unicorn-62845.exe
1932	Unicorn-42979.exe
1852	Unicorn-32594.exe
2712	Unicorn-53909.exe
2236	Unicorn-47779.exe
900	Unicorn-45741.exe
2176	Unicorn-55891.exe
840	Unicorn-15372.exe
888	Unicorn-63291.exe
2084	Unicorn-35497.exe
1636	Unicorn-35575.exe
1272	Unicorn-51008.exe
1460	Unicorn-64743.exe
2268	Unicorn-5336.exe
1904	Unicorn-5336.exe
880	Unicorn-64743.exe
2568	Unicorn-5336.exe
2704	Unicorn-37936.exe
1148	Unicorn-38201.exe
764	Unicorn-12352.exe
3008	Unicorn-61553.exe
2660	Unicorn-24862.exe
2980	Unicorn-42368.exe
2368	Unicorn-28261.exe
2868	Unicorn-13566.exe
628	Unicorn-14848.exe

Loads dropped DLL 64 IoCs

pid	Process
2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe
2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe
288	Unicorn-7595.exe
288	Unicorn-7595.exe
2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe
2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe
2008	Unicorn-43937.exe
2008	Unicorn-43937.exe
288	Unicorn-7595.exe
288	Unicorn-7595.exe
2916	Unicorn-48960.exe
2916	Unicorn-48960.exe
2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe
2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe
2008	Unicorn-43937.exe
2892	Unicorn-14082.exe
2008	Unicorn-43937.exe
2892	Unicorn-14082.exe
2784	Unicorn-51586.exe
2784	Unicorn-51586.exe
2760	Unicorn-54347.exe
2760	Unicorn-54347.exe
2636	Unicorn-59400.exe
2636	Unicorn-59400.exe
2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe
288	Unicorn-7595.exe
2916	Unicorn-48960.exe
2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe
288	Unicorn-7595.exe
2916	Unicorn-48960.exe
2180	Unicorn-23402.exe
2180	Unicorn-23402.exe
2008	Unicorn-43937.exe
2008	Unicorn-43937.exe
820	Unicorn-59604.exe
820	Unicorn-59604.exe
2892	Unicorn-14082.exe
2892	Unicorn-14082.exe
1152	Unicorn-59879.exe
1152	Unicorn-59879.exe
2784	Unicorn-51586.exe
2784	Unicorn-51586.exe
300	Unicorn-50870.exe
300	Unicorn-50870.exe
2988	Unicorn-23572.exe
2988	Unicorn-23572.exe
2916	Unicorn-48960.exe
2916	Unicorn-48960.exe
2524	Unicorn-5198.exe
288	Unicorn-7595.exe
2524	Unicorn-5198.exe
288	Unicorn-7595.exe
2636	Unicorn-59400.exe
2636	Unicorn-59400.exe
2128	Unicorn-9173.exe
2128	Unicorn-9173.exe
2180	Unicorn-23402.exe
2180	Unicorn-23402.exe
2856	Unicorn-11254.exe
2856	Unicorn-11254.exe
2760	Unicorn-54347.exe
2760	Unicorn-54347.exe
1644	Unicorn-21653.exe
1644	Unicorn-21653.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1664	1288	WerFault.exe	55

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4588.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe
288	Unicorn-7595.exe
2008	Unicorn-43937.exe
2916	Unicorn-48960.exe
2892	Unicorn-14082.exe
2784	Unicorn-51586.exe
2760	Unicorn-54347.exe
2636	Unicorn-59400.exe
2180	Unicorn-23402.exe
820	Unicorn-59604.exe
1152	Unicorn-59879.exe
2988	Unicorn-23572.exe
2524	Unicorn-5198.exe
300	Unicorn-50870.exe
2856	Unicorn-11254.exe
1644	Unicorn-21653.exe
2128	Unicorn-9173.exe
2152	Unicorn-27739.exe
2572	Unicorn-59264.exe
1568	Unicorn-13976.exe
532	Unicorn-30889.exe
680	Unicorn-32102.exe
2040	Unicorn-36099.exe
2024	Unicorn-2082.exe
2500	Unicorn-2466.exe
1288	Unicorn-2201.exe
2556	Unicorn-4312.exe
1672	Unicorn-9217.exe
1704	Unicorn-53971.exe
2920	Unicorn-39882.exe
2732	Unicorn-20016.exe
2968	Unicorn-34344.exe
2712	Unicorn-53909.exe
2664	Unicorn-34619.exe
2236	Unicorn-47779.exe
2656	Unicorn-21159.exe
2608	Unicorn-54485.exe
2396	Unicorn-54220.exe
548	Unicorn-62845.exe
3024	Unicorn-5201.exe
1932	Unicorn-42979.exe
900	Unicorn-45741.exe
1852	Unicorn-32594.exe
2736	Unicorn-5393.exe
2592	Unicorn-54485.exe
2176	Unicorn-55891.exe
840	Unicorn-15372.exe
888	Unicorn-63291.exe
2084	Unicorn-35497.exe
1636	Unicorn-35575.exe
1460	Unicorn-64743.exe
2568	Unicorn-5336.exe
1148	Unicorn-38201.exe
764	Unicorn-12352.exe
1904	Unicorn-5336.exe
1272	Unicorn-51008.exe
3008	Unicorn-61553.exe
880	Unicorn-64743.exe
2704	Unicorn-37936.exe
2268	Unicorn-5336.exe
2660	Unicorn-24862.exe
2980	Unicorn-42368.exe
2868	Unicorn-13566.exe
2368	Unicorn-28261.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 288	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	30
PID 2264 wrote to memory of 288	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	30
PID 2264 wrote to memory of 288	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	30
PID 2264 wrote to memory of 288	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	30
PID 288 wrote to memory of 2008	288	Unicorn-7595.exe	31
PID 288 wrote to memory of 2008	288	Unicorn-7595.exe	31
PID 288 wrote to memory of 2008	288	Unicorn-7595.exe	31
PID 288 wrote to memory of 2008	288	Unicorn-7595.exe	31
PID 2264 wrote to memory of 2916	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	32
PID 2264 wrote to memory of 2916	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	32
PID 2264 wrote to memory of 2916	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	32
PID 2264 wrote to memory of 2916	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	32
PID 2008 wrote to memory of 2892	2008	Unicorn-43937.exe	33
PID 2008 wrote to memory of 2892	2008	Unicorn-43937.exe	33
PID 2008 wrote to memory of 2892	2008	Unicorn-43937.exe	33
PID 2008 wrote to memory of 2892	2008	Unicorn-43937.exe	33
PID 288 wrote to memory of 2784	288	Unicorn-7595.exe	34
PID 288 wrote to memory of 2784	288	Unicorn-7595.exe	34
PID 288 wrote to memory of 2784	288	Unicorn-7595.exe	34
PID 288 wrote to memory of 2784	288	Unicorn-7595.exe	34
PID 2916 wrote to memory of 2760	2916	Unicorn-48960.exe	35
PID 2916 wrote to memory of 2760	2916	Unicorn-48960.exe	35
PID 2916 wrote to memory of 2760	2916	Unicorn-48960.exe	35
PID 2916 wrote to memory of 2760	2916	Unicorn-48960.exe	35
PID 2264 wrote to memory of 2636	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	36
PID 2264 wrote to memory of 2636	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	36
PID 2264 wrote to memory of 2636	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	36
PID 2264 wrote to memory of 2636	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	36
PID 2008 wrote to memory of 2180	2008	Unicorn-43937.exe	37
PID 2008 wrote to memory of 2180	2008	Unicorn-43937.exe	37
PID 2008 wrote to memory of 2180	2008	Unicorn-43937.exe	37
PID 2008 wrote to memory of 2180	2008	Unicorn-43937.exe	37
PID 2892 wrote to memory of 820	2892	Unicorn-14082.exe	38
PID 2892 wrote to memory of 820	2892	Unicorn-14082.exe	38
PID 2892 wrote to memory of 820	2892	Unicorn-14082.exe	38
PID 2892 wrote to memory of 820	2892	Unicorn-14082.exe	38
PID 2784 wrote to memory of 1152	2784	Unicorn-51586.exe	39
PID 2784 wrote to memory of 1152	2784	Unicorn-51586.exe	39
PID 2784 wrote to memory of 1152	2784	Unicorn-51586.exe	39
PID 2784 wrote to memory of 1152	2784	Unicorn-51586.exe	39
PID 2760 wrote to memory of 2856	2760	Unicorn-54347.exe	40
PID 2760 wrote to memory of 2856	2760	Unicorn-54347.exe	40
PID 2760 wrote to memory of 2856	2760	Unicorn-54347.exe	40
PID 2760 wrote to memory of 2856	2760	Unicorn-54347.exe	40
PID 2636 wrote to memory of 2524	2636	Unicorn-59400.exe	41
PID 2636 wrote to memory of 2524	2636	Unicorn-59400.exe	41
PID 2636 wrote to memory of 2524	2636	Unicorn-59400.exe	41
PID 2636 wrote to memory of 2524	2636	Unicorn-59400.exe	41
PID 2264 wrote to memory of 1644	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	42
PID 2264 wrote to memory of 1644	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	42
PID 2264 wrote to memory of 1644	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	42
PID 2264 wrote to memory of 1644	2264	cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe	42
PID 288 wrote to memory of 2988	288	Unicorn-7595.exe	43
PID 288 wrote to memory of 2988	288	Unicorn-7595.exe	43
PID 288 wrote to memory of 2988	288	Unicorn-7595.exe	43
PID 288 wrote to memory of 2988	288	Unicorn-7595.exe	43
PID 2916 wrote to memory of 300	2916	Unicorn-48960.exe	44
PID 2916 wrote to memory of 300	2916	Unicorn-48960.exe	44
PID 2916 wrote to memory of 300	2916	Unicorn-48960.exe	44
PID 2916 wrote to memory of 300	2916	Unicorn-48960.exe	44
PID 2180 wrote to memory of 2128	2180	Unicorn-23402.exe	45
PID 2180 wrote to memory of 2128	2180	Unicorn-23402.exe	45
PID 2180 wrote to memory of 2128	2180	Unicorn-23402.exe	45
PID 2180 wrote to memory of 2128	2180	Unicorn-23402.exe	45

C:\Users\Admin\AppData\Local\Temp\cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe
"C:\Users\Admin\AppData\Local\Temp\cad4f7c8291023ed1129d64e97374c269bce6858e8e3f85ad389370c9d2a14beN.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14082.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
        8⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34042.exe
        8⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
        7⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47293.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
        7⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34619.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
        8⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12813.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
        8⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38863.exe
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38660.exe
        7⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        7⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4270.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42402.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        7⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11687.exe
        6⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32500.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17131.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
        6⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        9⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
        9⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64291.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        9⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        9⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        8⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22949.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-901.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
        7⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13566.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42538.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        7⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61277.exe
        7⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4588.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
        6⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        6⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
        6⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-996.exe
        6⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20632.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        6⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54894.exe
        6⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35015.exe
        5⤵
        
        PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        5⤵
        
        PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53971.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        7⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        7⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        7⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        6⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        6⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31542.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
        6⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20016.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23903.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28721.exe
        6⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
        5⤵
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24354.exe
        5⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21625.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        5⤵
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
        6⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe
        7⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
        7⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31888.exe
        6⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
        6⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58277.exe
        6⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        6⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
        5⤵
        
        PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
        5⤵
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
        5⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61672.exe
        5⤵
        
        PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
        5⤵
        
        PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24425.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe
        5⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33196.exe
        5⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        5⤵
        
        PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
      4⤵
      PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
      4⤵
      PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
      4⤵
      PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
      4⤵
      PID:5360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51586.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
        8⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        7⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        7⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8460.exe
        6⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        7⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63880.exe
        6⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61702.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41741.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        6⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
        7⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
        6⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49269.exe
        7⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        7⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63751.exe
        7⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22899.exe
        6⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        6⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20153.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
        6⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24862.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41630.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40740.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        6⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12098.exe
        5⤵
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44303.exe
        5⤵
        
        PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9197.exe
        5⤵
        
        PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53909.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53373.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25262.exe
        7⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
        7⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
        6⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24012.exe
        6⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22949.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
        6⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        5⤵
        Executes dropped EXE
        
        PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        5⤵
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47779.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38383.exe
        5⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6326.exe
        6⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
        6⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        5⤵
        
        PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
        5⤵
        
        PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15688.exe
      4⤵
      PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37852.exe
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
      4⤵
      PID:5576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39034.exe
        7⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
        7⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        6⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        7⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5121.exe
        7⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        6⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
        6⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40011.exe
        5⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4727.exe
        6⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7598.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22949.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-901.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
        5⤵
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63291.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5336.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        6⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
        5⤵
        
        PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
        5⤵
        
        PID:544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        5⤵
        
        PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64743.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
        5⤵
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4999.exe
        5⤵
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        6⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        6⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9221.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1029.exe
        5⤵
        
        PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46286.exe
      4⤵
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        5⤵
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22029.exe
        5⤵
        
        PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48986.exe
      4⤵
      PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
      4⤵
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
      4⤵
      PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
      4⤵
      PID:5076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1288
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
      4⤵
      Program crash
      PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35497.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60678.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
      4⤵
      PID:4744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
    3⤵
    PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
    3⤵
    PID:916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
    3⤵
    PID:4416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
    3⤵
    PID:4248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54347.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39882.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
        6⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        6⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
        6⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61807.exe
        6⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        5⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        5⤵
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22949.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
        5⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
        5⤵
        
        PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34344.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35575.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
        6⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12813.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
        6⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30904.exe
        5⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        5⤵
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
        5⤵
        
        PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64743.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38684.exe
      4⤵
      PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
      4⤵
      PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12288.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46871.exe
      4⤵
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
      4⤵
      PID:4704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5336.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41759.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        7⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
        7⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe
        6⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38660.exe
        6⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        6⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51008.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        6⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25830.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        6⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44525.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29805.exe
        5⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25793.exe
        5⤵
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55891.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60882.exe
        5⤵
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30959.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        5⤵
        
        PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
      4⤵
      PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
      4⤵
      PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
      4⤵
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24625.exe
      4⤵
      PID:6108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5336.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43448.exe
        5⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        5⤵
        
        PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58572.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        5⤵
        
        PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46473.exe
      4⤵
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12585.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38660.exe
      4⤵
      PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
      4⤵
      PID:4988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37936.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
      4⤵
      PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63113.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31087.exe
    3⤵
    PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
    3⤵
    PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
    3⤵
    PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
    3⤵
    PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
    3⤵
    PID:5080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        5⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-560.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63751.exe
        6⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        5⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
        5⤵
        
        PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
      4⤵
      PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56431.exe
      4⤵
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
      4⤵
      PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
      4⤵
      PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
      4⤵
      PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
      4⤵
      PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
      4⤵
      PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
      4⤵
      PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
      4⤵
      PID:5252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38563.exe
    3⤵
    PID:2340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
    3⤵
    PID:1564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
    3⤵
    PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
    3⤵
    PID:4848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
    3⤵
    PID:5284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5201.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
      4⤵
      PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
      4⤵
      PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
      4⤵
      PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
      4⤵
      PID:5428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe
    3⤵
    PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
    3⤵
    PID:1696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
    3⤵
    PID:3968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
    3⤵
    PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41741.exe
    3⤵
    PID:4236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17401.exe
    3⤵
    PID:5568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21159.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21159.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
    3⤵
    PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62693.exe
      4⤵
      PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44837.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12410.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39864.exe
      4⤵
      PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
    3⤵
    PID:2068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
    3⤵
    PID:3088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
    3⤵
    PID:4804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
    3⤵
    PID:5316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
  2⤵
  PID:1036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44903.exe
    3⤵
    PID:4720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
    3⤵
    PID:5268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
  2⤵
  PID:864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
  2⤵
  PID:3736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62151.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62151.exe
  2⤵
  PID:3248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
  2⤵
  PID:4864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
  2⤵
  PID:5552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe

Filesize
468KB

MD5
2442b7f6a20dddd33466caca1d6c6cdf

SHA1
68259aeb556fc6cf3bf30577c10ba00bc01adec0

SHA256
45a224b37ac075d4f6fab553a961e1c90049254b4e6a0ed5da7aaa92608b5f38

SHA512
5acd9c16cd27b0332be530352010405fe6f292bf27c9abb2c21fb45105ecf553b3bd6b481f781f13c86b62607263bf2e63eb76e867400156a1a9c53b697fb33f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe

Filesize
468KB

MD5
0f0c575c06929b591fe9abe44831fd9e

SHA1
c2da5b5337734fa6318be070dc25441a10bfab44

SHA256
0bc3bff8f6098e0220f08e255ef6b51c97f3b76be19cd8b274b5a82288b12664

SHA512
af8a22e9bc731fbc771e41c0d80e9caa675f7ffd1edae7f30544ad7be2eaf442abe69f0bd18f76fef06ceea91f9ec32dfd378a5ec86b84c06ed3ca792e5e062f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51586.exe

Filesize
468KB

MD5
924c99f81a5921c8f6c8d90daea5b997

SHA1
5511be8bee0939bf8d90cd166cbc2694c96ab227

SHA256
fdb44b5f7a283ba207e286f2e86c9c9032a147a943ab8ab733fe2d8b3f7c506d

SHA512
b227a01adf4b9b15a1d2ca6944b11a05e12803aba290feed6e12ac8c423210536e7822d73b6dce63a7d90a9c28a6254a574cbf082e303882cc615105cbb8f965

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe

Filesize
468KB

MD5
117d3dca61d197cad7cfa7971c40241f

SHA1
eedcc76a7607602826e2b017d213df6e6c05e3f8

SHA256
e1a6696e18fe15c1a646f168820eb25448fdfc3688f3472492a48782f669fab9

SHA512
0d050f1fe6be7424f3e3af14e854dc05f65d870e8d89d4d85f85b37c302d54625ae8ba813fca686be14b5f830e5f0431fbc58ecb24e87c7dccdda9e454fd60a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54347.exe

Filesize
468KB

MD5
3a1a597c91b667dafa49f99a987b7952

SHA1
74476f041fa92762b824d744df1a47d0108ebc13

SHA256
d9ce5d42626542af80a56e44d2c088bac0ad15cf7ce8f47e82f5c785f8fce13e

SHA512
2cd2018b677c1ba6880fe65521683a08cbc3590f421bc49e0e08b3aa2312c9a753936654c738bb8bde0d6e6ed015191735906ba634bc20a60d021382417c5c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe

Filesize
468KB

MD5
2791da6cb3fd60427d39837da00b2d92

SHA1
b4006686645ecb94a7c13650bd153e414848038d

SHA256
d857a4e96e4bc92204e3fd6678274bc7ed591d1ccbb88330fcd9b7647518db53

SHA512
f30796918aae4bdfccaed69453e6fbf81b8e898f0ff6e530f1cf49c10d3e049c382e0d9888c2cf14995ca2699bd4f2fb07bbbeb82c640e5418ccf9d517e80644

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62693.exe

Filesize
468KB

MD5
dd6ba3bd9f231470cd198c71a2eb0c84

SHA1
85be376657f3bf6a427f858b40cd37c387cebeb0

SHA256
e94985a1e2e99aa9cb8d58db175e0c20d97277ce62113494d289ad1b05f88f3f

SHA512
c10ab9b7ce10192a869265f56fede5e40deac2f557df36c131f1502e15681d60048b5f886723f9877cd3f9fcebe181c0482872825c10af4672f31620f3ad2856

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe

Filesize
468KB

MD5
26aee80779098e66e25e65b96a30388c

SHA1
32b330e1e76251ff33f6171c5deedcd5d2ca5c86

SHA256
4546484a192237af18ff490d18998ee1db96176a6b98f5575f38feb92f639979

SHA512
e6f6b3503a7e8d7aa3aec510696e3e3ec6959b559dd8c8750b163aa5d55cfd88d1107f87ca9dcb63f79b24a434aad21dd39587928eed7a6a3959ef8d71964b2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14082.exe

Filesize
468KB

MD5
b69a3316b4430e4e6b633537c98fdfee

SHA1
cb71b503534774ac15ebca3ebcf37e90debd29b3

SHA256
4d9cc08914e21a29f13e22652354108dacd2dcc146d9a1baa599590c2a874292

SHA512
1c43c17a5e7ad88badcfeacf6f5d68637da7a2956c7685fd1f88c79d0db706d232c0b157b39c058a67728a577194e723ce69f32ba6b6a3dd8b716741d015dd08

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe

Filesize
468KB

MD5
d5825e4315969fc56983ab7f9720bc60

SHA1
e1cd6b1dbb5d8fc579b8c61e28c2be1aa5c44d16

SHA256
345079dc726712f1a86b66eb205f1ba4c11785ae2d6bf6336843f80e6c98111d

SHA512
39cd360e8b1af7b5496d121705083f4814316f90c0920ac008dbc5369bb44924e4340f602c6a5697df83d64c71e2d6f38a91338e592c6bae38a9bf08425a4471

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe

Filesize
468KB

MD5
6cec1806711358493b887c819a5796e8

SHA1
009aab7e9a04b733daeee88572be4b2d7a491cea

SHA256
4863424f513e022a2ef062b79d333ab325f2f2225cfe73cccf3afd04a0258fc2

SHA512
68ee4b75f118738f88a53e0375e6605a512c4af3fb0db9e609d01eddb1be02ac1539cfc1a6589f1c68c8435fcc769a1b72aead6f6e1e79af20155b77ffd230b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe

Filesize
468KB

MD5
28140b796859908d409123c222c2381b

SHA1
76e6bc01d71df194fcb9174506b60f21b1410f8f

SHA256
46550ae22de034eb54ed18d856a35e8f89598d6d776630103fdf70dba7b714d7

SHA512
5bbb0ed22bc39f47e2636a6f5e2280061abb6c1248c161dcc50f6178472ed5c0cb3171314e6fa4a5569cfec6502d4699cec17c05fa1328f5a45edfaee5028eb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe

Filesize
468KB

MD5
22da4dd6cfef0a35a4d3260ca261bbf5

SHA1
1fd63e9ec0463eff1af54e0cdc2a91a5c6bd9335

SHA256
767eabcb31fbbe1528b54e650bebfbffe5c4817bcdb7afbfab56f3f747404c04

SHA512
5beeefaa225ad9a11147738978a7d597a4d16c099a7cf502be674572cd9cbb59929e21b890472a6cb89a8afbdd84016620c0451fe668b64065041a26043ab78c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe

Filesize
468KB

MD5
144d1e1489068c3ad8137aa549f88df0

SHA1
58e68813d76e80867f05b4a88503c3556c760e46

SHA256
e1621d246ff453c3813b237eba166850e18500281dbaafc741113481125cd6fa

SHA512
448b8f422dbf3ea163fe83d5225bf484f86bd47fa7f352955d16eda8fdb169005ea788065504c8431943280261380e00f80b45b4161ffd2525340a1cc45c9f8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe

Filesize
468KB

MD5
a9d4cedfbd95e5f9a664610a93813e97

SHA1
f0d20620a5c7f95e54ebcd71c3900ad804c12502

SHA256
1eef15fdadb744d7c8ca6099cb11c291db51d9b2bfc9c86a84e1923b1e8eac89

SHA512
1fe3a5b1c51bafc2b669260e4ce58792bcf0b75215e4104619860cfe66e65c1cf148d0558b3e83b89e059bb48f4be0c1bf7212500d89548432c6a36414594c81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe

Filesize
468KB

MD5
57fea5ae1eabdde0e39a7e91ac852f1b

SHA1
5d25872186061c40033f82b52ddabe24f36e00ea

SHA256
f61d46a6a9ee9cdaa5a328278379fa296c2c1a227e5a8c70f5d4a12c96b69fa3

SHA512
bb12f8faaa98977017a2be2efae2a6ab759c3a1d2b0643869347abe175d6e779edaa3bcbd61416265976086b29fe23fabb615208331af2a52d70a216cf4bd239

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe

Filesize
468KB

MD5
17faf31f2b3ebf2a1e045b60bb6fd88b

SHA1
900a67b84e66d5f494be56f0b77d84cb014c1361

SHA256
f0822316e85029c28f5f440c9b0268811c87b5decb5c1f97ddf1a70ebbc69795

SHA512
9520a09a9d448fb43dd4a501306941f6bc1394e746e2f43af72f549cfc0480165f97bc7378bb11c6777f059ccc0ec161d6d0945394ad004cc3bb21f73ac7e9a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe

Filesize
468KB

MD5
ac46c3a7980a4e0b947715f136ec661b

SHA1
f6a79112ecaacda16210c72c473aa229b85aa07c

SHA256
1298136123620d97dbdfac7c230f5fd7b33a912c5d857b5062fb51730c7d201a

SHA512
ea99fe030b7902d7884f064aa85fbc7a3939d8230eb002d17d7f74823f835e1cdc50ec107d6825837b100b82383358b516d2cdf91f37cd2b2ff0518ed27f43e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe

Filesize
468KB

MD5
c7c2dfda11b2ff8c62fa2ea5cfed27aa

SHA1
487fd16404a3998808b8d0fb3c85670a9dedf0f4

SHA256
22e637b029c87761d0fee9ab6dd357c7cea3e7fc1f8c608e316112de975efe64

SHA512
b7e34ecfec8c6b1288ebd194da9a20077091a644a1926ff012c08b0fb234e528bf791bf5a60c995207ab44ab54b96dc7d1d60943079f1e12162e44e4cbd67544

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe

Filesize
468KB

MD5
444f08949b86481f1e56732c9566d91e

SHA1
951b904d4521cb9fb3bc1baa508eb4aa464f4d61

SHA256
ccf3dbc62341bc0b9a307e2d90687035652b56795d5bd4de513a06cd7a7e3e6f

SHA512
b308553dc2754884fd2d87cb33ada983404d3c6ff89cad79551525480569dc001b2fdb9c9f7241e832d3607c6f44266b175e4c2cc086a95654608684f43c34ff

Download Submit
memory/288-21-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/288-303-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/288-154-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/288-173-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/288-300-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/288-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/300-262-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/300-269-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/300-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/532-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/532-381-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/532-382-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/680-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/820-405-0x00000000028E0000-0x0000000002955000-memory.dmp

Filesize
468KB

Download
memory/820-222-0x00000000028E0000-0x0000000002955000-memory.dmp

Filesize
468KB

Download
memory/820-407-0x00000000028E0000-0x0000000002955000-memory.dmp

Filesize
468KB

Download
memory/820-107-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/820-221-0x00000000028E0000-0x0000000002955000-memory.dmp

Filesize
468KB

Download
memory/1152-403-0x00000000007D0000-0x0000000000845000-memory.dmp

Filesize
468KB

Download
memory/1152-236-0x00000000007D0000-0x0000000000845000-memory.dmp

Filesize
468KB

Download
memory/1152-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1152-240-0x00000000007D0000-0x0000000000845000-memory.dmp

Filesize
468KB

Download
memory/1288-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1568-404-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/1568-400-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/1568-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1644-366-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/1644-365-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/1644-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1672-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1704-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2008-49-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/2008-97-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/2008-212-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/2008-398-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/2008-401-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/2024-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2040-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2128-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2128-319-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2128-323-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2152-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2152-399-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/2180-337-0x0000000002580000-0x00000000025F5000-memory.dmp

Filesize
468KB

Download
memory/2180-105-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2180-198-0x0000000002580000-0x00000000025F5000-memory.dmp

Filesize
468KB

Download
memory/2180-332-0x0000000002580000-0x00000000025F5000-memory.dmp

Filesize
468KB

Download
memory/2180-197-0x0000000002580000-0x00000000025F5000-memory.dmp

Filesize
468KB

Download
memory/2264-172-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2264-10-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2264-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2264-11-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2264-153-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2264-374-0x00000000026B0000-0x0000000002725000-memory.dmp

Filesize
468KB

Download
memory/2264-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2500-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2524-148-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2524-301-0x0000000002870000-0x00000000028E5000-memory.dmp

Filesize
468KB

Download
memory/2524-298-0x0000000002870000-0x00000000028E5000-memory.dmp

Filesize
468KB

Download
memory/2556-287-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2572-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2592-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-315-0x0000000001D50000-0x0000000001DC5000-memory.dmp

Filesize
468KB

Download
memory/2636-147-0x0000000001D50000-0x0000000001DC5000-memory.dmp

Filesize
468KB

Download
memory/2636-316-0x0000000001D50000-0x0000000001DC5000-memory.dmp

Filesize
468KB

Download
memory/2636-139-0x0000000001D50000-0x0000000001DC5000-memory.dmp

Filesize
468KB

Download
memory/2636-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2656-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2664-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2732-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2736-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2760-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2760-132-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download
memory/2760-356-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download
memory/2760-126-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download
memory/2760-355-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download
memory/2784-255-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2784-256-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2784-60-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-336-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2856-339-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2892-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-231-0x0000000000370000-0x00000000003E5000-memory.dmp

Filesize
468KB

Download
memory/2892-232-0x0000000000370000-0x00000000003E5000-memory.dmp

Filesize
468KB

Download
memory/2916-282-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2916-175-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2916-171-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2916-286-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2916-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2920-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2968-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2988-280-0x0000000001DC0000-0x0000000001E35000-memory.dmp

Filesize
468KB

Download
memory/2988-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2988-276-0x0000000001DC0000-0x0000000001E35000-memory.dmp

Filesize
468KB

Download
memory/3024-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download