8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-10-2024 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe
Size

468KB
MD5

52d55dc376b62026fb7be3874565f250
SHA1

edf00e7a3d645457a31f66fd3fcb647f74674645
SHA256

8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257
SHA512

8198c46f534843fa9b559f36e469d5e1160422538636abf6c992c2e72c523346f9c0369086c2ce5c4d0c550257eafe01f7a58cb482c07c937d55f452b1eac880
SSDEEP

3072:yb01oghEIY5AtbYnzfHTffCL0ZUq+pphJEHCYVmZvxZL/HIseylM:yb+owYAtgz/Tff+frBvx1PIse

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2332	Unicorn-26898.exe
2444	Unicorn-26789.exe
2908	Unicorn-64292.exe
2892	Unicorn-59399.exe
2756	Unicorn-40825.exe
2728	Unicorn-16229.exe
1664	Unicorn-53732.exe
2672	Unicorn-49176.exe
3068	Unicorn-63929.exe
2832	Unicorn-20972.exe
2184	Unicorn-8719.exe
2380	Unicorn-8719.exe
368	Unicorn-39181.exe
2864	Unicorn-37670.exe
1580	Unicorn-51406.exe
2568	Unicorn-61511.exe
968	Unicorn-29201.exe
2312	Unicorn-41475.exe
2080	Unicorn-48060.exe
2256	Unicorn-17163.exe
576	Unicorn-15771.exe
1980	Unicorn-54111.exe
2272	Unicorn-41402.exe
1728	Unicorn-41667.exe
1928	Unicorn-49927.exe
2180	Unicorn-25331.exe
1320	Unicorn-38251.exe
1644	Unicorn-15600.exe
1540	Unicorn-65356.exe
1360	Unicorn-50411.exe
2412	Unicorn-59955.exe
1472	Unicorn-33883.exe
1476	Unicorn-21884.exe
2040	Unicorn-25222.exe
1596	Unicorn-4701.exe
1600	Unicorn-47588.exe
2536	Unicorn-11962.exe
2464	Unicorn-62554.exe
2704	Unicorn-50202.exe
2796	Unicorn-41942.exe
2880	Unicorn-9632.exe
1852	Unicorn-15876.exe
2628	Unicorn-36850.exe
2708	Unicorn-5377.exe
2716	Unicorn-12730.exe
2416	Unicorn-8091.exe
2572	Unicorn-41318.exe
2956	Unicorn-36488.exe
2632	Unicorn-36488.exe
1272	Unicorn-915.exe
1720	Unicorn-59490.exe
1972	Unicorn-8435.exe
1128	Unicorn-62613.exe
2836	Unicorn-10289.exe
1264	Unicorn-32848.exe
2560	Unicorn-61991.exe
2996	Unicorn-33424.exe
1372	Unicorn-30963.exe
2436	Unicorn-27814.exe
1468	Unicorn-11742.exe
2280	Unicorn-46553.exe
2400	Unicorn-25941.exe
1688	Unicorn-43599.exe
1696	Unicorn-26060.exe

Loads dropped DLL 64 IoCs

pid	Process
1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe
1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe
2332	Unicorn-26898.exe
1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe
2332	Unicorn-26898.exe
1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe
2908	Unicorn-64292.exe
2908	Unicorn-64292.exe
2444	Unicorn-26789.exe
2444	Unicorn-26789.exe
1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe
1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe
2332	Unicorn-26898.exe
2332	Unicorn-26898.exe
2892	Unicorn-59399.exe
2892	Unicorn-59399.exe
2908	Unicorn-64292.exe
2908	Unicorn-64292.exe
2756	Unicorn-40825.exe
2756	Unicorn-40825.exe
1664	Unicorn-53732.exe
1664	Unicorn-53732.exe
2728	Unicorn-16229.exe
2728	Unicorn-16229.exe
1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe
1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe
2332	Unicorn-26898.exe
2444	Unicorn-26789.exe
2444	Unicorn-26789.exe
2332	Unicorn-26898.exe
2672	Unicorn-49176.exe
2672	Unicorn-49176.exe
2892	Unicorn-59399.exe
2892	Unicorn-59399.exe
2832	Unicorn-20972.exe
2832	Unicorn-20972.exe
2756	Unicorn-40825.exe
2756	Unicorn-40825.exe
2380	Unicorn-8719.exe
2380	Unicorn-8719.exe
1580	Unicorn-51406.exe
2728	Unicorn-16229.exe
1580	Unicorn-51406.exe
2728	Unicorn-16229.exe
2332	Unicorn-26898.exe
2332	Unicorn-26898.exe
3068	Unicorn-63929.exe
3068	Unicorn-63929.exe
2908	Unicorn-64292.exe
2908	Unicorn-64292.exe
2864	Unicorn-37670.exe
2864	Unicorn-37670.exe
2444	Unicorn-26789.exe
1664	Unicorn-53732.exe
368	Unicorn-39181.exe
2444	Unicorn-26789.exe
2184	Unicorn-8719.exe
1664	Unicorn-53732.exe
368	Unicorn-39181.exe
2184	Unicorn-8719.exe
1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe
1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe
2568	Unicorn-61511.exe
2568	Unicorn-61511.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3844	2752	WerFault.exe	102

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39562.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe
2332	Unicorn-26898.exe
2908	Unicorn-64292.exe
2444	Unicorn-26789.exe
2892	Unicorn-59399.exe
2728	Unicorn-16229.exe
2756	Unicorn-40825.exe
1664	Unicorn-53732.exe
2672	Unicorn-49176.exe
2832	Unicorn-20972.exe
3068	Unicorn-63929.exe
2380	Unicorn-8719.exe
1580	Unicorn-51406.exe
2184	Unicorn-8719.exe
2864	Unicorn-37670.exe
368	Unicorn-39181.exe
2568	Unicorn-61511.exe
968	Unicorn-29201.exe
2312	Unicorn-41475.exe
2080	Unicorn-48060.exe
2256	Unicorn-17163.exe
576	Unicorn-15771.exe
1980	Unicorn-54111.exe
2272	Unicorn-41402.exe
1728	Unicorn-41667.exe
2180	Unicorn-25331.exe
1540	Unicorn-65356.exe
1644	Unicorn-15600.exe
1320	Unicorn-38251.exe
1360	Unicorn-50411.exe
2412	Unicorn-59955.exe
1928	Unicorn-49927.exe
1472	Unicorn-33883.exe
1476	Unicorn-21884.exe
2040	Unicorn-25222.exe
1600	Unicorn-47588.exe
2464	Unicorn-62554.exe
1596	Unicorn-4701.exe
2536	Unicorn-11962.exe
2704	Unicorn-50202.exe
2796	Unicorn-41942.exe
2880	Unicorn-9632.exe
1852	Unicorn-15876.exe
2628	Unicorn-36850.exe
2708	Unicorn-5377.exe
2572	Unicorn-41318.exe
2716	Unicorn-12730.exe
2416	Unicorn-8091.exe
2956	Unicorn-36488.exe
2632	Unicorn-36488.exe
1720	Unicorn-59490.exe
1972	Unicorn-8435.exe
1272	Unicorn-915.exe
2836	Unicorn-10289.exe
1128	Unicorn-62613.exe
2560	Unicorn-61991.exe
2996	Unicorn-33424.exe
1372	Unicorn-30963.exe
1264	Unicorn-32848.exe
2436	Unicorn-27814.exe
2280	Unicorn-46553.exe
2400	Unicorn-25941.exe
1468	Unicorn-11742.exe
1688	Unicorn-43599.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2332	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	29
PID 1976 wrote to memory of 2332	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	29
PID 1976 wrote to memory of 2332	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	29
PID 1976 wrote to memory of 2332	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	29
PID 2332 wrote to memory of 2444	2332	Unicorn-26898.exe	30
PID 2332 wrote to memory of 2444	2332	Unicorn-26898.exe	30
PID 2332 wrote to memory of 2444	2332	Unicorn-26898.exe	30
PID 2332 wrote to memory of 2444	2332	Unicorn-26898.exe	30
PID 1976 wrote to memory of 2908	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	31
PID 1976 wrote to memory of 2908	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	31
PID 1976 wrote to memory of 2908	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	31
PID 1976 wrote to memory of 2908	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	31
PID 2908 wrote to memory of 2892	2908	Unicorn-64292.exe	32
PID 2908 wrote to memory of 2892	2908	Unicorn-64292.exe	32
PID 2908 wrote to memory of 2892	2908	Unicorn-64292.exe	32
PID 2908 wrote to memory of 2892	2908	Unicorn-64292.exe	32
PID 2444 wrote to memory of 2728	2444	Unicorn-26789.exe	33
PID 2444 wrote to memory of 2728	2444	Unicorn-26789.exe	33
PID 2444 wrote to memory of 2728	2444	Unicorn-26789.exe	33
PID 2444 wrote to memory of 2728	2444	Unicorn-26789.exe	33
PID 1976 wrote to memory of 2756	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	34
PID 1976 wrote to memory of 2756	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	34
PID 1976 wrote to memory of 2756	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	34
PID 1976 wrote to memory of 2756	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	34
PID 2332 wrote to memory of 1664	2332	Unicorn-26898.exe	35
PID 2332 wrote to memory of 1664	2332	Unicorn-26898.exe	35
PID 2332 wrote to memory of 1664	2332	Unicorn-26898.exe	35
PID 2332 wrote to memory of 1664	2332	Unicorn-26898.exe	35
PID 2892 wrote to memory of 2672	2892	Unicorn-59399.exe	36
PID 2892 wrote to memory of 2672	2892	Unicorn-59399.exe	36
PID 2892 wrote to memory of 2672	2892	Unicorn-59399.exe	36
PID 2892 wrote to memory of 2672	2892	Unicorn-59399.exe	36
PID 2908 wrote to memory of 3068	2908	Unicorn-64292.exe	37
PID 2908 wrote to memory of 3068	2908	Unicorn-64292.exe	37
PID 2908 wrote to memory of 3068	2908	Unicorn-64292.exe	37
PID 2908 wrote to memory of 3068	2908	Unicorn-64292.exe	37
PID 2756 wrote to memory of 2832	2756	Unicorn-40825.exe	38
PID 2756 wrote to memory of 2832	2756	Unicorn-40825.exe	38
PID 2756 wrote to memory of 2832	2756	Unicorn-40825.exe	38
PID 2756 wrote to memory of 2832	2756	Unicorn-40825.exe	38
PID 1664 wrote to memory of 2184	1664	Unicorn-53732.exe	39
PID 1664 wrote to memory of 2184	1664	Unicorn-53732.exe	39
PID 1664 wrote to memory of 2184	1664	Unicorn-53732.exe	39
PID 1664 wrote to memory of 2184	1664	Unicorn-53732.exe	39
PID 2728 wrote to memory of 2380	2728	Unicorn-16229.exe	40
PID 2728 wrote to memory of 2380	2728	Unicorn-16229.exe	40
PID 2728 wrote to memory of 2380	2728	Unicorn-16229.exe	40
PID 2728 wrote to memory of 2380	2728	Unicorn-16229.exe	40
PID 1976 wrote to memory of 368	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	41
PID 1976 wrote to memory of 368	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	41
PID 1976 wrote to memory of 368	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	41
PID 1976 wrote to memory of 368	1976	8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe	41
PID 2444 wrote to memory of 2864	2444	Unicorn-26789.exe	43
PID 2444 wrote to memory of 2864	2444	Unicorn-26789.exe	43
PID 2444 wrote to memory of 2864	2444	Unicorn-26789.exe	43
PID 2444 wrote to memory of 2864	2444	Unicorn-26789.exe	43
PID 2332 wrote to memory of 1580	2332	Unicorn-26898.exe	42
PID 2332 wrote to memory of 1580	2332	Unicorn-26898.exe	42
PID 2332 wrote to memory of 1580	2332	Unicorn-26898.exe	42
PID 2332 wrote to memory of 1580	2332	Unicorn-26898.exe	42
PID 2672 wrote to memory of 2568	2672	Unicorn-49176.exe	44
PID 2672 wrote to memory of 2568	2672	Unicorn-49176.exe	44
PID 2672 wrote to memory of 2568	2672	Unicorn-49176.exe	44
PID 2672 wrote to memory of 2568	2672	Unicorn-49176.exe	44

C:\Users\Admin\AppData\Local\Temp\8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe
"C:\Users\Admin\AppData\Local\Temp\8d0e5245facef59159f523c9e58e3cd79af2d7a9ceeb389a85d17f3374f4d257N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26898.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26898.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        9⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21685.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        8⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        8⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42229.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23777.exe
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33772.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
        7⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60990.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31197.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64384.exe
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
        7⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
        6⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60383.exe
        7⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
        7⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36241.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39230.exe
        7⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59818.exe
        6⤵
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31217.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
        7⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
        7⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        7⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21181.exe
        6⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20591.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29391.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35421.exe
        7⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        6⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
        6⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
        6⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        5⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
        6⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20891.exe
        6⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
        6⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
        6⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
        5⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
        5⤵
        
        PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
        7⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6863.exe
        7⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
        7⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
        6⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        6⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41318.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        6⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        5⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        5⤵
        
        PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23227.exe
        5⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
        5⤵
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
        5⤵
        
        PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38251.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        6⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
        5⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        6⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40190.exe
        6⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45340.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
        5⤵
        
        PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26060.exe
      4⤵
      Executes dropped EXE
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        5⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2579.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
      4⤵
      PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
      4⤵
      PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
      4⤵
      PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
      4⤵
      PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64194.exe
      4⤵
      PID:5912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56718.exe
        7⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
        6⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        6⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25863.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
        6⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30963.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25147.exe
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        7⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39230.exe
        7⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
        6⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        7⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        7⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        6⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        6⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40190.exe
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15111.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1599.exe
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        5⤵
        
        PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65356.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8234.exe
        5⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        6⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
        6⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5846.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
        6⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
        6⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
        5⤵
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11711.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1069.exe
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45680.exe
        5⤵
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27376.exe
      4⤵
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28510.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe
        5⤵
        
        PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
      4⤵
      PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
      4⤵
      PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37697.exe
      4⤵
      PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
      4⤵
      PID:6112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        6⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        6⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        6⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
        5⤵
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14587.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
        5⤵
        
        PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40679.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29360.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        5⤵
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
      4⤵
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61950.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        5⤵
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
      4⤵
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        5⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        5⤵
        
        PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
      4⤵
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
      4⤵
      PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41402.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33775.exe
        5⤵
        
        PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
      4⤵
      PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6973.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23227.exe
      4⤵
      PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
      4⤵
      PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11449.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-915.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
      4⤵
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
      4⤵
      PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62012.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe
      4⤵
      PID:5940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52123.exe
    3⤵
    PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
    3⤵
    PID:3188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
    3⤵
    PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20791.exe
    3⤵
    PID:5500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33883.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
        8⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45340.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        7⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        7⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61991.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
        7⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21405.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        6⤵
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48006.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        6⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        6⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8646.exe
        6⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29314.exe
        6⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61670.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        7⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3735.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
        6⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
        5⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
        6⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        6⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        5⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37697.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
        5⤵
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60040.exe
        6⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 220
        7⤵
        Program crash
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        7⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36962.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10870.exe
        6⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
        5⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
        6⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35670.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65515.exe
        6⤵
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42229.exe
        5⤵
        
        PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12100.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50071.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        5⤵
        
        PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32127.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        5⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        5⤵
        
        PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
      4⤵
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
        5⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36423.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
      4⤵
      PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
      4⤵
      PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
      4⤵
      PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41667.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40190.exe
        8⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        7⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        6⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        7⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        6⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe
        5⤵
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        6⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        6⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        6⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        5⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35754.exe
        5⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        5⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        5⤵
        
        PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38058.exe
        5⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32157.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24839.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45598.exe
        5⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        6⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
        6⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60310.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        5⤵
        
        PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe
      4⤵
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47555.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
        5⤵
        
        PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
      4⤵
      PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63589.exe
      4⤵
      PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
      4⤵
      PID:5364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49927.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26325.exe
      4⤵
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        5⤵
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
        5⤵
        
        PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52531.exe
      4⤵
      PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe
      4⤵
      PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45340.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
      4⤵
      PID:5196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
      4⤵
      PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
      4⤵
      PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
      4⤵
      PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
      4⤵
      PID:4192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
    3⤵
    PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
    3⤵
    PID:4060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
    3⤵
    PID:784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41521.exe
    3⤵
    PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35880.exe
    3⤵
    PID:5920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20972.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        6⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
        6⤵
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        5⤵
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21981.exe
        6⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        5⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        5⤵
        
        PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        5⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29740.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
        6⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        5⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        5⤵
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        5⤵
        
        PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
      4⤵
      PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12158.exe
      4⤵
      PID:528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
      4⤵
      PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
      4⤵
      PID:5856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62554.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3210.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        6⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
        5⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56003.exe
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        6⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
        6⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        5⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56589.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        5⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        5⤵
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        5⤵
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36573.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24919.exe
        5⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43934.exe
        5⤵
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
      4⤵
      PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48006.exe
      4⤵
      PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
      4⤵
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
      4⤵
      PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
      4⤵
      PID:6076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33424.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        5⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        5⤵
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53482.exe
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9178.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
      4⤵
      PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
      4⤵
      PID:656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
      4⤵
      PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
      4⤵
      PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37920.exe
      4⤵
      PID:5308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60117.exe
      4⤵
      PID:5620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
    3⤵
    PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
    3⤵
    PID:1308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36596.exe
    3⤵
    PID:4112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2857.exe
    3⤵
    PID:4328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15600.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8234.exe
      4⤵
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        5⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        5⤵
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28493.exe
      4⤵
      PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
      4⤵
      PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
      4⤵
      PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
      4⤵
      PID:5448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
    3⤵
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
      4⤵
      PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
      4⤵
      PID:5436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42229.exe
    3⤵
    PID:2304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12100.exe
    3⤵
    PID:3120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
    3⤵
    PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
    3⤵
    PID:4880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59955.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59955.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59490.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
      4⤵
      PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64384.exe
      4⤵
      PID:5816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50346.exe
    3⤵
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
      4⤵
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18530.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47886.exe
      4⤵
      PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
    3⤵
    PID:1956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
    3⤵
    PID:3724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
    3⤵
    PID:4772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
    3⤵
    PID:4260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62613.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62613.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48847.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58141.exe
    3⤵
    PID:3780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
    3⤵
    PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
    3⤵
    PID:6044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44406.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44406.exe
  2⤵
  PID:2700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
  2⤵
  PID:2192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7198.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7198.exe
  2⤵
  PID:3204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31211.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31211.exe
  2⤵
  PID:4704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
  2⤵
  PID:5956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe

Filesize
468KB

MD5
88d5427f9821040db7c247adcef304fb

SHA1
278ba6f20e05a07c4bc92bb36bb1748782063b21

SHA256
b374b6acef2a25e20bd6853a97dad9c0201191dc1540314239232257dde1a103

SHA512
2eff0ea839715694bd0dc9891140bdca61268adb9fb862d748a0e21d242594ff415f013d571dfcba103af8aa6f4d87813b96c69c83e2f6edecb13cc06783d403

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe

Filesize
468KB

MD5
2a31ecb5f2be5674c52f3142ebfea630

SHA1
6069387752fb1afce3b62bf534de63fc5c579f83

SHA256
f492003e6e075fafc9cdcb18e0b9918adeea23f37047a96b7319586530088d7e

SHA512
146fdac2789a7dc5e3e7e1cc192c75a0e9dbb6180afd83c9db95b58e4ee032ea35cf8cb97cc895c99802172acd8cda4ab5350ce94d20d65915cd5f8c6736a1f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe

Filesize
468KB

MD5
278c0a69fe0bee235147259f4690d61c

SHA1
785c19eb3740812e7f6bc65287afaf58a95b1e20

SHA256
a810e1fddd509503d1998291b5ba0f6afabadd47993460c5bd3f8390f55ef970

SHA512
c679293003c50f8af31aa487a6d20d01313b845f8a15298be614cadc166595e738bb35cf83987e2c9792854dc2795d18f896861735223b34a7a3b0298873d74f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe

Filesize
468KB

MD5
c5ed56b12bd6ed24f06d0cc896c651cf

SHA1
c3f1df863f24604ba61558b5ec47e62d8d690497

SHA256
071a5b339c29aa0311e14a9e0f042467843579f0d388a29e674d24e577433961

SHA512
cb861f1a44700ca1709ae3d1a0e72c66b4be199b47179ec45c66465e200e97ffe30cf6610f832586719b37eadb208655f4fa4850d25fdbfad759b41a4521a68d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe

Filesize
468KB

MD5
0717680b5245fd3aaf46ce8fc306910a

SHA1
f57947ba96071311cc7edd0663c4e2e3d9aacf8c

SHA256
e765d06a124f1f34acf518ac088a0caa79408f6827edc70a68f471e4afde457b

SHA512
6f0163da753d5db07464d058f8466494522cdc5133ab976d3c40272714361dc327c3655b5473c9c24e7b904621504a6b896fdcfa553b18e7c131a3f811e73d7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe

Filesize
468KB

MD5
192eab8918b3c3fe7bb4144f3b307087

SHA1
bc3c7b38b5b480b1a5a4435ca2252973a7736fd0

SHA256
04e720281b6c5500166ed5281b2d958b5ffc759e1cba28201d30af904a94f934

SHA512
ca2d0f938c42f66fb50f8b7f68c91da8ffb56379edb3ec7c1e8ac7edf37decc857efaac6355127ac4ef66f6d176b48f56bbd3082ee249b6fa704534df39b83bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-915.exe

Filesize
468KB

MD5
6c2005ceefc41bdc29c45491e3f3493c

SHA1
2479aefc1ab6475ebf52a28751ded2e1f5014968

SHA256
9c353d1e94f3ec6edac886295a223b23b18abc9ba217d9c4eb8c297b5a6789e7

SHA512
053b5e6e3bfe43ce65f395f745cf54cacb4945fc9565b309eab6ea21642433fe403847a194c322da75da661b8b8929ec6420ca46a6acfdc54ab037070d98baed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20972.exe

Filesize
468KB

MD5
333a85895464052659b7939acbc87891

SHA1
306361c9bd3ef0b48ee9b8eae64a517b318a4491

SHA256
9193b18f16b9dc7cb6ac5b30b46a883ce6965cd17e1bb4e971d67632d3d38001

SHA512
0a9fafb30dd274f0756ea9791e84f6b739545e21f1418b4972c092a23f1325d99eaa9e2c77eda38df88e9cb20bd954339365035e682de23371cae74af2b6e3ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe

Filesize
468KB

MD5
3189fd0ba014429deb67080025207e85

SHA1
536ca78454d5009bbe458c9e6f3155998baf10e6

SHA256
538b0c6eb70c51e98849825e7ac6b43b9ba3b984e5d815eae6b4f98ac0352c64

SHA512
055a7dcaf1b32af18c29036f90f0ee6f392e0457a1dbb1afd0753aa9e869e257dd41f02c5f085f356cf668c62dcd12090a8b11b449c7b484ba79581b6dcb95b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26898.exe

Filesize
468KB

MD5
48f32d7324f075e23b32907190d386e8

SHA1
b8246e9fb89db27adf50e17def03037265c23ce3

SHA256
822965f9cf5fbec4cec120806077663aae043ebae18b5190270a98d9da10309f

SHA512
a346de3c5e6f86451efca568a58ac5191e6293914c356da4f9020169fabfc91945736b448e4f61cce7d5ac74165c0d8759d6c2ab216a6b380f740d72a3aaeeb0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe

Filesize
468KB

MD5
3796411a2a92b5e405e4b49752319243

SHA1
6d376f218014040ef07d481667334fae37a3b392

SHA256
9ccee31851fe15f85059ec271ae1098e66157df37328b64c05f44967081e8614

SHA512
ba1bbafe11fd23bcacb7b0a692c71d1947dd625c74df122229bc7f4dec6d46f6cab6b5ad4738f04a4cddab2a53d8547a46d3544f691f2477420635ce93af8008

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe

Filesize
468KB

MD5
da99ef755620e92c7481d3e311a6606e

SHA1
b4e8cc8483294de9c773b241833e5b842acab5fa

SHA256
8b4c5e12bde20df8f7035a964a6c1c5de541766ff520092cc05e51e0b8846c6c

SHA512
e55d0cc9d9f295c2d4da77c23e6d37852e0beb341ec93f781352f40d284f74443152fdce2e9099af69016972e9bd470fc54edeb3bbcfcb3c3324205e944d3bc3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe

Filesize
468KB

MD5
3d87b071ed3487840e65554ebaabed85

SHA1
4fbd088acafbd493e52ef876a4501ddbf47fc2aa

SHA256
80a93270b85672714516c10e3f5389cf4f5a2afb7e6e0d241748a12f62e89391

SHA512
2d536662339634d0144fcebd61d7060b3361106164b467fa6ea7c95c4b6db13616c72dec0c8f5c57161bd87f841c20f526b00a57142894ccbfeb9a39e77f3043

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe

Filesize
468KB

MD5
276a58859374c305f8da2bb0504811bf

SHA1
421eab0f9d0f2f8580930e435ff5ac93844773b9

SHA256
1eaa348e6e3554504aaa4ddeca7cbe18ebde1569868ddad07563f65478c1f8fb

SHA512
f9f9e66f9740b4245203425663f4c5b151e5fa566c8ae67520126e144e090699dbccbdcec238ece7455e91009bdfcbfd8e21b97a28cbbe9fa81822dce0536906

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe

Filesize
468KB

MD5
65131635a1818a1e59a02f396debb28e

SHA1
c03cc3355fe761ff0466493ee9f9d39f6f0d27f0

SHA256
ec84027bcd50db5a3fcc42ad22d872435aaa8c3da90123c9c9f2147a7179d229

SHA512
3068c3adc2b01359eacaeec8c5688845ce12f5071bce6211d8ff2b33d51e1b32b1934b6d9de5814442f006286177921ee7829b8d112e065a78228105b0788f70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe

Filesize
468KB

MD5
92334ea7e263b210cbdb768aa909deed

SHA1
c217337f155610c1c9682f94c8289d7946f65f0e

SHA256
8dfc9d69ed1e335df34bccca10360cd5e411abd03cc63330cd2ee2c5f91d45bf

SHA512
b819da44622a840135662e4949af882884bd7f3113d62df2b57f884f6ef9fd7c246546fa547d58c6bc44f0c74f582e959b365ae808178707d02cc6cbd29b74e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe

Filesize
468KB

MD5
5a245c07d283eb4137a2313001a37c47

SHA1
69b472d5fd5dddf236e3a01ee70d8597e0c44b49

SHA256
0bcd32c1731b5f12205ce07ba925373ddf1a5e934915dbf6a83fb5778f7962df

SHA512
493a79a26d38088f72a089108ff833c360f094a491a829670c9ae7b115ec26ccdace434b3c68807605b014f6f2a2d1e7011deeadba9d34e5db94dbbda7cbfbf1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe

Filesize
468KB

MD5
cb59d4c1fb901dc01e537d56799cd896

SHA1
66a841266f4acc08c867cfdfdff463bdf32e1634

SHA256
ff660532a64e4ebfd235ccc28b943abc6dc0c0e9092e943631450fc1a5e7cf03

SHA512
93059b5995eac85cb63f9011662bdb4cc4c17ad22bac57ecd064e22a8b715493a499312bacc19e42f472b68b752e9668a00341f88366b54423a3ad447b05a657

Download Submit