714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe
Size

468KB
MD5

75d270e6598f684b8eebdf87fff4dd40
SHA1

dab0cb70373163f040bd1c5b942f69568f42d24e
SHA256

714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67
SHA512

68040819c12df51ba6026e50753c87248c22adb87408fbeb4d112c48871484e30f667efd52af66952e0b29c695a6d59ef8dbc6c6ac18bb4d736fad2cfe5de974
SSDEEP

3072:4MeKoFI/IU57tbYtPzmjbfD/ECUHsIp9QmHeQVY0q2ELzP03dSlx:4Mro1c7tCPqjbf70kqq2+703d

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2172	Unicorn-6450.exe
2516	Unicorn-57929.exe
1392	Unicorn-12490.exe
2692	Unicorn-28773.exe
2744	Unicorn-14474.exe
1108	Unicorn-20605.exe
2752	Unicorn-49940.exe
2756	TempéUnicorn-20408.exe
1692	Unicorn-33214.exe
1924	Unicorn-53080.exe
2932	Unicorn-38856.exe
1912	Unicorn-18798.exe
2644	Unicorn-38399.exe
1388	Unicorn-32533.exe
1920	Unicorn-38664.exe
2180	Unicorn-20678.exe
1156	Unicorn-51989.exe
664	LocaléUnicorn-17087.exe
2976	Unicorn-33231.exe
1036	TempéUnicorn-62566.exe
1776	Unicorn-46806.exe
1604	Unicorn-58503.exe
2084	Unicorn-52373.exe
540	Unicorn-50335.exe
1460	Unicorn-63142.exe
572	Unicorn-49878.exe
2080	Unicorn-50143.exe
2540	Unicorn-50143.exe
1452	Unicorn-32389.exe
2248	Unicorn-43325.exe
2432	Unicorn-29587.exe
2452	Unicorn-49453.exe
2500	Unicorn-24024.exe
1716	Unicorn-43625.exe
2896	Unicorn-43890.exe
2292	AppDataéUnicorn-43890.exe
2680	LocaléUnicorn-24024.exe
1996	Unicorn-43698.exe
2560	Unicorn-23832.exe
2704	LocaléUnicorn-35530.exe
1564	Unicorn-62072.exe
2908	TempéUnicorn-36608.exe
2724	Unicorn-34570.exe
2876	Unicorn-34570.exe
2220	Unicorn-41584.exe
2324	Unicorn-39592.exe
1868	Unicorn-51290.exe
1724	Unicorn-43122.exe
1016	Unicorn-6288.exe
2484	Unicorn-11912.exe
1264	Unicorn-6047.exe
1060	Unicorn-12177.exe
2904	Unicorn-33475.exe
2460	Unicorn-13609.exe
2216	Unicorn-1378.exe
1084	Unicorn-55026.exe
2236	Unicorn-22161.exe
2232	Unicorn-19359.exe
1612	Unicorn-26375.exe
3020	Unicorn-51294.exe
564	Unicorn-26759.exe
2468	Unicorn-7704.exe
2952	Unicorn-34054.exe
352	AdminéUnicorn-40185.exe

Loads dropped DLL 64 IoCs

pid	Process
2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe
2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe
2172	Unicorn-6450.exe
2172	Unicorn-6450.exe
2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe
2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe
2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe
1392	Unicorn-12490.exe
2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe
1392	Unicorn-12490.exe
2516	Unicorn-57929.exe
2516	Unicorn-57929.exe
2172	Unicorn-6450.exe
2172	Unicorn-6450.exe
2692	Unicorn-28773.exe
2692	Unicorn-28773.exe
1392	Unicorn-12490.exe
1392	Unicorn-12490.exe
2744	Unicorn-14474.exe
2744	Unicorn-14474.exe
2752	Unicorn-49940.exe
2752	Unicorn-49940.exe
2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe
2516	Unicorn-57929.exe
2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe
2516	Unicorn-57929.exe
2172	Unicorn-6450.exe
2172	Unicorn-6450.exe
1108	Unicorn-20605.exe
1108	Unicorn-20605.exe
1692	Unicorn-33214.exe
1692	Unicorn-33214.exe
1392	Unicorn-12490.exe
1392	Unicorn-12490.exe
2756	TempéUnicorn-20408.exe
2756	TempéUnicorn-20408.exe
1912	Unicorn-18798.exe
1912	Unicorn-18798.exe
2692	Unicorn-28773.exe
2692	Unicorn-28773.exe
2752	Unicorn-49940.exe
2752	Unicorn-49940.exe
2516	Unicorn-57929.exe
1924	Unicorn-53080.exe
2516	Unicorn-57929.exe
1924	Unicorn-53080.exe
1388	Unicorn-32533.exe
1388	Unicorn-32533.exe
2744	Unicorn-14474.exe
2744	Unicorn-14474.exe
2172	Unicorn-6450.exe
1920	Unicorn-38664.exe
2644	Unicorn-38399.exe
2172	Unicorn-6450.exe
2644	Unicorn-38399.exe
1920	Unicorn-38664.exe
1108	Unicorn-20605.exe
2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe
1108	Unicorn-20605.exe
2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe
324	WerFault.exe
324	WerFault.exe
324	WerFault.exe
324	WerFault.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
324	1460	WerFault.exe	55
3076	1732	WerFault.exe	119

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AdminéUnicorn-40185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LocaléUnicorn-10105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LocaléUnicorn-35530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AppDataéUnicorn-16238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LocaléUnicorn-5548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AdminéUnicorn-64773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39316.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TempéUnicorn-20408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12648.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe
2172	Unicorn-6450.exe
1392	Unicorn-12490.exe
2516	Unicorn-57929.exe
2692	Unicorn-28773.exe
2744	Unicorn-14474.exe
2752	Unicorn-49940.exe
1108	Unicorn-20605.exe
2756	TempéUnicorn-20408.exe
1692	Unicorn-33214.exe
2932	Unicorn-38856.exe
1924	Unicorn-53080.exe
1912	Unicorn-18798.exe
2644	Unicorn-38399.exe
1920	Unicorn-38664.exe
1388	Unicorn-32533.exe
2180	Unicorn-20678.exe
1156	Unicorn-51989.exe
664	LocaléUnicorn-17087.exe
1776	Unicorn-46806.exe
1036	TempéUnicorn-62566.exe
2976	Unicorn-33231.exe
1604	Unicorn-58503.exe
2084	Unicorn-52373.exe
540	Unicorn-50335.exe
1460	Unicorn-63142.exe
2080	Unicorn-50143.exe
572	Unicorn-49878.exe
1452	Unicorn-32389.exe
2248	Unicorn-43325.exe
2540	Unicorn-50143.exe
2432	Unicorn-29587.exe
2452	Unicorn-49453.exe
2500	Unicorn-24024.exe
2896	Unicorn-43890.exe
2292	AppDataéUnicorn-43890.exe
1716	Unicorn-43625.exe
2680	LocaléUnicorn-24024.exe
2560	Unicorn-23832.exe
2704	LocaléUnicorn-35530.exe
1996	Unicorn-43698.exe
1564	Unicorn-62072.exe
2908	TempéUnicorn-36608.exe
2876	Unicorn-34570.exe
2220	Unicorn-41584.exe
2324	Unicorn-39592.exe
1868	Unicorn-51290.exe
1724	Unicorn-43122.exe
1016	Unicorn-6288.exe
1264	Unicorn-6047.exe
1060	Unicorn-12177.exe
2484	Unicorn-11912.exe
2904	Unicorn-33475.exe
2460	Unicorn-13609.exe
1084	Unicorn-55026.exe
2216	Unicorn-1378.exe
2236	Unicorn-22161.exe
2232	Unicorn-19359.exe
1612	Unicorn-26375.exe
3020	Unicorn-51294.exe
564	Unicorn-26759.exe
2468	Unicorn-7704.exe
2952	Unicorn-34054.exe
352	AdminéUnicorn-40185.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2172	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	31
PID 2528 wrote to memory of 2172	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	31
PID 2528 wrote to memory of 2172	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	31
PID 2528 wrote to memory of 2172	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	31
PID 2172 wrote to memory of 2516	2172	Unicorn-6450.exe	32
PID 2172 wrote to memory of 2516	2172	Unicorn-6450.exe	32
PID 2172 wrote to memory of 2516	2172	Unicorn-6450.exe	32
PID 2172 wrote to memory of 2516	2172	Unicorn-6450.exe	32
PID 2528 wrote to memory of 1392	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	33
PID 2528 wrote to memory of 1392	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	33
PID 2528 wrote to memory of 1392	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	33
PID 2528 wrote to memory of 1392	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	33
PID 2528 wrote to memory of 2744	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	34
PID 2528 wrote to memory of 2744	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	34
PID 2528 wrote to memory of 2744	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	34
PID 2528 wrote to memory of 2744	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	34
PID 1392 wrote to memory of 2692	1392	Unicorn-12490.exe	35
PID 1392 wrote to memory of 2692	1392	Unicorn-12490.exe	35
PID 1392 wrote to memory of 2692	1392	Unicorn-12490.exe	35
PID 1392 wrote to memory of 2692	1392	Unicorn-12490.exe	35
PID 2516 wrote to memory of 1108	2516	Unicorn-57929.exe	36
PID 2516 wrote to memory of 1108	2516	Unicorn-57929.exe	36
PID 2516 wrote to memory of 1108	2516	Unicorn-57929.exe	36
PID 2516 wrote to memory of 1108	2516	Unicorn-57929.exe	36
PID 2172 wrote to memory of 2752	2172	Unicorn-6450.exe	37
PID 2172 wrote to memory of 2752	2172	Unicorn-6450.exe	37
PID 2172 wrote to memory of 2752	2172	Unicorn-6450.exe	37
PID 2172 wrote to memory of 2752	2172	Unicorn-6450.exe	37
PID 2692 wrote to memory of 2756	2692	Unicorn-28773.exe	38
PID 2692 wrote to memory of 2756	2692	Unicorn-28773.exe	38
PID 2692 wrote to memory of 2756	2692	Unicorn-28773.exe	38
PID 2692 wrote to memory of 2756	2692	Unicorn-28773.exe	38
PID 1392 wrote to memory of 1692	1392	Unicorn-12490.exe	39
PID 1392 wrote to memory of 1692	1392	Unicorn-12490.exe	39
PID 1392 wrote to memory of 1692	1392	Unicorn-12490.exe	39
PID 1392 wrote to memory of 1692	1392	Unicorn-12490.exe	39
PID 2744 wrote to memory of 1924	2744	Unicorn-14474.exe	40
PID 2744 wrote to memory of 1924	2744	Unicorn-14474.exe	40
PID 2744 wrote to memory of 1924	2744	Unicorn-14474.exe	40
PID 2744 wrote to memory of 1924	2744	Unicorn-14474.exe	40
PID 2752 wrote to memory of 2932	2752	Unicorn-49940.exe	41
PID 2752 wrote to memory of 2932	2752	Unicorn-49940.exe	41
PID 2752 wrote to memory of 2932	2752	Unicorn-49940.exe	41
PID 2752 wrote to memory of 2932	2752	Unicorn-49940.exe	41
PID 2528 wrote to memory of 2644	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	42
PID 2528 wrote to memory of 2644	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	42
PID 2528 wrote to memory of 2644	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	42
PID 2528 wrote to memory of 2644	2528	714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe	42
PID 2516 wrote to memory of 1912	2516	Unicorn-57929.exe	43
PID 2516 wrote to memory of 1912	2516	Unicorn-57929.exe	43
PID 2516 wrote to memory of 1912	2516	Unicorn-57929.exe	43
PID 2516 wrote to memory of 1912	2516	Unicorn-57929.exe	43
PID 2172 wrote to memory of 1388	2172	Unicorn-6450.exe	44
PID 2172 wrote to memory of 1388	2172	Unicorn-6450.exe	44
PID 2172 wrote to memory of 1388	2172	Unicorn-6450.exe	44
PID 2172 wrote to memory of 1388	2172	Unicorn-6450.exe	44
PID 1108 wrote to memory of 1920	1108	Unicorn-20605.exe	45
PID 1108 wrote to memory of 1920	1108	Unicorn-20605.exe	45
PID 1108 wrote to memory of 1920	1108	Unicorn-20605.exe	45
PID 1108 wrote to memory of 1920	1108	Unicorn-20605.exe	45
PID 1692 wrote to memory of 2180	1692	Unicorn-33214.exe	46
PID 1692 wrote to memory of 2180	1692	Unicorn-33214.exe	46
PID 1692 wrote to memory of 2180	1692	Unicorn-33214.exe	46
PID 1692 wrote to memory of 2180	1692	Unicorn-33214.exe	46

C:\Users\Admin\AppData\Local\Temp\714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe
"C:\Users\Admin\AppData\Local\Temp\714f5e5587e52fa94e172959dfd0e8c1c729c335b8578b0f155f3f89f2356b67N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6450.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6450.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7640.exe
        9⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
        9⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        9⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
        8⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
        8⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe
        7⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        7⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        7⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9043.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
        8⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10804.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        7⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43946.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-772.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        6⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        7⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18030.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        7⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe
        6⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
        7⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30243.exe
        7⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        6⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        6⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
        6⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62082.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1024.exe
        7⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        7⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        6⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        5⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61590.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
        5⤵
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61153.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5326.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
        5⤵
        
        PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33231.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19359.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12337.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        7⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        7⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        6⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        7⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51455.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
        6⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23832.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        6⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
        7⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        6⤵
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
        6⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
        6⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25694.exe
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27682.exe
        6⤵
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54109.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21417.exe
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
        5⤵
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29101.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
        5⤵
        
        PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        6⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        6⤵
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        5⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55289.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        5⤵
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11912.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        5⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        6⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
        5⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe
        5⤵
        
        PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-113.exe
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9487.exe
        5⤵
        
        PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7063.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24589.exe
      4⤵
      PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
      4⤵
      PID:5844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24024.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2025.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
        6⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        6⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        6⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2508.exe
        5⤵
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        6⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        6⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57006.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
        5⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe
        5⤵
        
        PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46806.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
        6⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        7⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15216.exe
        6⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38824.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        6⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29101.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        5⤵
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        5⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        5⤵
        
        PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
      4⤵
      PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21040.exe
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51750.exe
      4⤵
      PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12197.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32533.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        6⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
        7⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        6⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        5⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        6⤵
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        5⤵
        
        PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        5⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        6⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        6⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
        5⤵
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        5⤵
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        5⤵
        
        PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
      4⤵
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        5⤵
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-772.exe
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
      4⤵
      PID:6136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe
        5⤵
        
        PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
      4⤵
      PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
      4⤵
      PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
      4⤵
      PID:5656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9541.exe
      4⤵
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        5⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
        5⤵
        
        PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
      4⤵
      PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
      4⤵
      PID:5596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40925.exe
    3⤵
    PID:1732
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
      4⤵
      Program crash
      PID:3076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
    3⤵
    PID:3732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
    3⤵
    PID:4632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
    3⤵
    PID:5700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\TempéUnicorn-20408.exe
      C:\Users\Admin\AppData\Local\TempéUnicorn-20408.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\LocaléUnicorn-17087.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-17087.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:664
      - C:\Users\Admin\AppDataéUnicorn-43890.exe
        
        C:\Users\Admin\AppDataéUnicorn-43890.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\AdminéUnicorn-40185.exe
        
        C:\Users\AdminéUnicorn-40185.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\UserséUnicorn-4373.exe
        
        C:\UserséUnicorn-4373.exe
        8⤵
        
        PID:2964
        
        C:\UserséUnicorn-59991.exe
        
        C:\UserséUnicorn-59991.exe
        8⤵
        
        PID:3212
        
        C:\UserséUnicorn-4396.exe
        
        C:\UserséUnicorn-4396.exe
        8⤵
        
        PID:4596
        
        C:\UserséUnicorn-20332.exe
        
        C:\UserséUnicorn-20332.exe
        8⤵
        
        PID:5776
        
        C:\Users\AdminéUnicorn-22525.exe
        
        C:\Users\AdminéUnicorn-22525.exe
        7⤵
        
        PID:1848
        
        C:\Users\AdminéUnicorn-32055.exe
        
        C:\Users\AdminéUnicorn-32055.exe
        7⤵
        
        PID:4004
        
        C:\Users\AdminéUnicorn-13461.exe
        
        C:\Users\AdminéUnicorn-13461.exe
        7⤵
        
        PID:1188
        
        C:\Users\AdminéUnicorn-7573.exe
        
        C:\Users\AdminéUnicorn-7573.exe
        7⤵
        
        PID:5164
      - C:\Users\Admin\AppDataéUnicorn-53568.exe
        
        C:\Users\Admin\AppDataéUnicorn-53568.exe
        6⤵
        
        PID:1020
        
        C:\Users\AdminéUnicorn-44477.exe
        
        C:\Users\AdminéUnicorn-44477.exe
        7⤵
        
        PID:2020
        
        C:\Users\AdminéUnicorn-58585.exe
        
        C:\Users\AdminéUnicorn-58585.exe
        7⤵
        
        PID:3136
        
        C:\Users\AdminéUnicorn-64773.exe
        
        C:\Users\AdminéUnicorn-64773.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4412
        
        C:\Users\AdminéUnicorn-48911.exe
        
        C:\Users\AdminéUnicorn-48911.exe
        7⤵
        
        PID:5204
      - C:\Users\Admin\AppDataéUnicorn-38347.exe
        
        C:\Users\Admin\AppDataéUnicorn-38347.exe
        6⤵
        
        PID:804
      - C:\Users\Admin\AppDataéUnicorn-20816.exe
        
        C:\Users\Admin\AppDataéUnicorn-20816.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppDataéUnicorn-4796.exe
        
        C:\Users\Admin\AppDataéUnicorn-4796.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppDataéUnicorn-23710.exe
        
        C:\Users\Admin\AppDataéUnicorn-23710.exe
        6⤵
        
        PID:5704
    - - C:\Users\Admin\AppData\LocaléUnicorn-24024.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-24024.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
      - C:\Users\Admin\AppDataéUnicorn-35198.exe
        
        C:\Users\Admin\AppDataéUnicorn-35198.exe
        6⤵
        
        PID:2916
        
        C:\Users\AdminéUnicorn-47760.exe
        
        C:\Users\AdminéUnicorn-47760.exe
        7⤵
        
        PID:3284
        
        C:\Users\AdminéUnicorn-56198.exe
        
        C:\Users\AdminéUnicorn-56198.exe
        7⤵
        
        PID:4860
        
        C:\Users\AdminéUnicorn-22635.exe
        
        C:\Users\AdminéUnicorn-22635.exe
        7⤵
        
        PID:5644
      - C:\Users\Admin\AppDataéUnicorn-24995.exe
        
        C:\Users\Admin\AppDataéUnicorn-24995.exe
        6⤵
        
        PID:2796
      - C:\Users\Admin\AppDataéUnicorn-6783.exe
        
        C:\Users\Admin\AppDataéUnicorn-6783.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppDataéUnicorn-5101.exe
        
        C:\Users\Admin\AppDataéUnicorn-5101.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppDataéUnicorn-40246.exe
        
        C:\Users\Admin\AppDataéUnicorn-40246.exe
        6⤵
        
        PID:5896
    - - C:\Users\Admin\AppData\LocaléUnicorn-3027.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-3027.exe
        5⤵
        
        PID:1780
      - C:\Users\Admin\AppDataéUnicorn-21600.exe
        
        C:\Users\Admin\AppDataéUnicorn-21600.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppDataéUnicorn-33343.exe
        
        C:\Users\Admin\AppDataéUnicorn-33343.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppDataéUnicorn-7596.exe
        
        C:\Users\Admin\AppDataéUnicorn-7596.exe
        6⤵
        
        PID:2668
      - C:\Users\Admin\AppDataéUnicorn-16238.exe
        
        C:\Users\Admin\AppDataéUnicorn-16238.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5168
    - - C:\Users\Admin\AppData\LocaléUnicorn-27417.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-27417.exe
        5⤵
        
        PID:2504
    - - C:\Users\Admin\AppData\LocaléUnicorn-12151.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-12151.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\LocaléUnicorn-53798.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-53798.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\LocaléUnicorn-40776.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-40776.exe
        5⤵
        
        PID:5540
  - - C:\Users\Admin\AppData\Local\TempéUnicorn-62566.exe
      C:\Users\Admin\AppData\Local\TempéUnicorn-62566.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1036
    - - C:\Users\Admin\AppData\LocaléUnicorn-35530.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-35530.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppDataéUnicorn-23273.exe
        
        C:\Users\Admin\AppDataéUnicorn-23273.exe
        6⤵
        
        PID:1712
        
        C:\Users\AdminéUnicorn-50681.exe
        
        C:\Users\AdminéUnicorn-50681.exe
        7⤵
        
        PID:3500
        
        C:\Users\AdminéUnicorn-33343.exe
        
        C:\Users\AdminéUnicorn-33343.exe
        7⤵
        
        PID:4700
        
        C:\Users\AdminéUnicorn-64773.exe
        
        C:\Users\AdminéUnicorn-64773.exe
        7⤵
        
        PID:4684
        
        C:\Users\AdminéUnicorn-48911.exe
        
        C:\Users\AdminéUnicorn-48911.exe
        7⤵
        
        PID:5220
      - C:\Users\Admin\AppDataéUnicorn-24611.exe
        
        C:\Users\Admin\AppDataéUnicorn-24611.exe
        6⤵
        
        PID:2656
      - C:\Users\Admin\AppDataéUnicorn-64152.exe
        
        C:\Users\Admin\AppDataéUnicorn-64152.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppDataéUnicorn-13461.exe
        
        C:\Users\Admin\AppDataéUnicorn-13461.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppDataéUnicorn-40246.exe
        
        C:\Users\Admin\AppDataéUnicorn-40246.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\LocaléUnicorn-11959.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-11959.exe
        5⤵
        
        PID:2996
      - C:\Users\Admin\AppDataéUnicorn-59970.exe
        
        C:\Users\Admin\AppDataéUnicorn-59970.exe
        6⤵
        
        PID:2740
      - C:\Users\Admin\AppDataéUnicorn-58585.exe
        
        C:\Users\Admin\AppDataéUnicorn-58585.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppDataéUnicorn-64773.exe
        
        C:\Users\Admin\AppDataéUnicorn-64773.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppDataéUnicorn-48911.exe
        
        C:\Users\Admin\AppDataéUnicorn-48911.exe
        6⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\LocaléUnicorn-38347.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-38347.exe
        5⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\LocaléUnicorn-20816.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-20816.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\LocaléUnicorn-4796.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-4796.exe
        5⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\LocaléUnicorn-56575.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-56575.exe
        5⤵
        
        PID:5208
  - - C:\Users\Admin\AppData\Local\TempéUnicorn-36608.exe
      C:\Users\Admin\AppData\Local\TempéUnicorn-36608.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\LocaléUnicorn-15296.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-15296.exe
        5⤵
        
        PID:2800
      - C:\Users\Admin\AppDataéUnicorn-58727.exe
        
        C:\Users\Admin\AppDataéUnicorn-58727.exe
        6⤵
        
        PID:1416
      - C:\Users\Admin\AppDataéUnicorn-18320.exe
        
        C:\Users\Admin\AppDataéUnicorn-18320.exe
        6⤵
        
        PID:4012
      - C:\Users\Admin\AppDataéUnicorn-23932.exe
        
        C:\Users\Admin\AppDataéUnicorn-23932.exe
        6⤵
        
        PID:4928
      - C:\Users\Admin\AppDataéUnicorn-15745.exe
        
        C:\Users\Admin\AppDataéUnicorn-15745.exe
        6⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\LocaléUnicorn-8109.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-8109.exe
        5⤵
        
        PID:2760
    - - C:\Users\Admin\AppData\LocaléUnicorn-32055.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-32055.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\LocaléUnicorn-13461.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-13461.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\LocaléUnicorn-40246.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-40246.exe
        5⤵
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\TempéUnicorn-26189.exe
      C:\Users\Admin\AppData\Local\TempéUnicorn-26189.exe
      4⤵
      PID:1860
    - - C:\Users\Admin\AppData\LocaléUnicorn-56158.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-56158.exe
        5⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\LocaléUnicorn-10105.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-10105.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
    - - C:\Users\Admin\AppData\LocaléUnicorn-5548.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-5548.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4328
    - - C:\Users\Admin\AppData\LocaléUnicorn-28501.exe
        
        C:\Users\Admin\AppData\LocaléUnicorn-28501.exe
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\TempéUnicorn-36859.exe
      C:\Users\Admin\AppData\Local\TempéUnicorn-36859.exe
      4⤵
      PID:2508
  - - C:\Users\Admin\AppData\Local\TempéUnicorn-4505.exe
      C:\Users\Admin\AppData\Local\TempéUnicorn-4505.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\TempéUnicorn-3278.exe
      C:\Users\Admin\AppData\Local\TempéUnicorn-3278.exe
      4⤵
      PID:4340
  - - C:\Users\Admin\AppData\Local\TempéUnicorn-56203.exe
      C:\Users\Admin\AppData\Local\TempéUnicorn-56203.exe
      4⤵
      PID:5788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
        6⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        7⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        7⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        6⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        6⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
        5⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        6⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
        6⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        6⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        5⤵
        
        PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7704.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        6⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
        5⤵
        
        PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        5⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        5⤵
        
        PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21570.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
      4⤵
      PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
      4⤵
      PID:5760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        5⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46366.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20332.exe
        6⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24525.exe
        5⤵
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10261.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30900.exe
      4⤵
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44837.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
      4⤵
      PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
      4⤵
      PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60669.exe
      4⤵
      PID:5752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        5⤵
        
        PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        5⤵
        
        PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
      4⤵
      PID:5132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
    3⤵
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
      4⤵
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
      4⤵
      PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47332.exe
      4⤵
      PID:5556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
    3⤵
    PID:3404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
    3⤵
    PID:4732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
    3⤵
    PID:3924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13910.exe
    3⤵
    PID:5940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53080.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18320.exe
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        7⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe
        6⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        6⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39260.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        6⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35014.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        6⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        5⤵
        
        PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20816.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        5⤵
        
        PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        5⤵
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        6⤵
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        6⤵
        
        PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47030.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        5⤵
        
        PID:332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
      4⤵
      PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53623.exe
      4⤵
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
      4⤵
      PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29101.exe
      4⤵
      PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
      4⤵
      PID:5184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63142.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1460
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 200
      4⤵
      Loads dropped DLL
      Program crash
      PID:324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
      4⤵
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        5⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        5⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        5⤵
        
        PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
      4⤵
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
      4⤵
      PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
      4⤵
      PID:6092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
    3⤵
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
      4⤵
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
      4⤵
      PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
      4⤵
      PID:6076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44958.exe
    3⤵
    PID:3448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27743.exe
    3⤵
    PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
    3⤵
    PID:4688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        5⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        6⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        6⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        5⤵
        
        PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        5⤵
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
      4⤵
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
        5⤵
        
        PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59991.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        5⤵
        
        PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
      4⤵
      PID:992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
      4⤵
      PID:5636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
      4⤵
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        5⤵
        
        PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
      4⤵
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
      4⤵
      PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
      4⤵
      PID:6160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
    3⤵
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
      4⤵
      PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62206.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
    3⤵
    PID:3988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
    3⤵
    PID:4804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29101.exe
    3⤵
    PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
    3⤵
    PID:5268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
    3⤵
    - Executes dropped EXE
    PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
      4⤵
      PID:756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe
      4⤵
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
      4⤵
      PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
    3⤵
    PID:2132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
    3⤵
    PID:4504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
    3⤵
    PID:5192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41584.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41584.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8638.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8638.exe
    3⤵
    PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
      4⤵
      PID:5520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
    3⤵
    PID:3456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
    3⤵
    PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
    3⤵
    PID:5968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
  2⤵
  PID:2456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36719.exe
    3⤵
    PID:2340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55247.exe
    3⤵
    PID:4540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
    3⤵
    PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
    3⤵
    PID:5576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
  2⤵
  PID:1456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
  2⤵
  PID:3972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45701.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45701.exe
  2⤵
  PID:4784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
  2⤵
  PID:5848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe

Filesize
468KB

MD5
e1613c999be66e509699b5b4c448c021

SHA1
d4ccf48c43bad155a8ba782bf51ac0c93048fda1

SHA256
0cd16f7cea56ab0eb9809961173be7aae65fe45c4305415b7019f866699c3df5

SHA512
da3cfa0b57deabb3ecedc346fc6923766f9deacacde45795061a1ecea9ba6bf7a38d886faa0119e7ed335fc2c9c037193f249417ead0a9c5836f472ad62caf85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe

Filesize
468KB

MD5
277ea8e969a217c0191bfaa56113a09e

SHA1
2720da175b4d7fc0d03b5237bb4320788f1cbb40

SHA256
c864944651889e1e663d6bc88df4f7fd794f6d4c68876bb2ee5e8bf1ef4d9b39

SHA512
bb8dbf1b44fdd080674aa8fdf139760350c4153b00016808ea4a07136170735223612907dde5a5bcba32bec08e62d1cfe41ca7717e880580009696a6622374da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe

Filesize
468KB

MD5
a1d622d5bea9650a8ef2473617dd0c87

SHA1
281e6704c3cbb605369ab99f8fcfd458de867319

SHA256
aafea67934262a9c1d043b305f8191614f2b9645121aa4459322699baa29db38

SHA512
267d65b277e48d247f54a73a6050e1bf05246a568bdb753f11cac8300411e74d656672fb17bed7ba05804b9fa29708016e2e84acdd86eb7a3a339a14e1443265

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe

Filesize
468KB

MD5
9adaaded1aab53092673e8199dd6b46f

SHA1
9ca52f822ad49fdfe342f786da90768c01b6c380

SHA256
992a13d176b02186cdc50f53aceab8f2507cd4b25c55f15e3c27e5f9c83fc760

SHA512
38eae54c09a2b8a7352eb61a0c5e00f57e59edc3bdc91e673f27abc8c404a63114eb646f60849a8568fd6aaaa9a9f3cc003ad331d6137c71b58fed8857014566

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe

Filesize
468KB

MD5
5e654d0c0039036180020ff1b53c76cc

SHA1
4e67054fd5fd011e41d25087df958f5717f168fd

SHA256
ad84acbc4441e50f056766f89a961667764e148176fbbc77f71a09fcbab2de13

SHA512
cdfd1f3f525d0fa44ab5fa03e54ea3ed38711c1c9e64f01dcd94be0ffda1771262d72d57266fc65d1240813710a53dda99908ec57ae5be5dedf124423965e0a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe

Filesize
468KB

MD5
c2ae58ace0ef59e0f14dc557352224d2

SHA1
68902afb9b5e57db39fb7f952ea11e4a5de4740b

SHA256
a1f94af4117a720d5af40dcc6d36b8bbd6e3b30150ae75e69a448f37b5f6c3eb

SHA512
d7a308d13718c6b78b0d1efe635d2e9b4a9a25b89d7f398ac74ef7bfa04ae9ae87598decf5bbe816fe0b460f86942162ea26ee7cfbfc79a6b073700e53ea94ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe

Filesize
468KB

MD5
75c6e2db45c975a1d9f7af714c21cbb6

SHA1
83bd60e6048521798b53c14ed58c84d482fa4dec

SHA256
b8c48824b4e0429fa01554aad8ba07898aa15e14178675dfd9978b86ee7d73f4

SHA512
410036989cf5d25fdcd97a13e89c018d94e14ecbc440a139ac5a392bc9f0f758f616e79627c58beb894c9bddbb0bb13c2743a16b2205e32f8ab230e5378fa509

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe

Filesize
468KB

MD5
493508e0a5f7ba48f6cd5e7cf41acaae

SHA1
60f9747ef99227a5e5b04b979f7eb9e2c9c3db71

SHA256
1277b01207824ef4803b4552344d07f066bcdd54cbc0affe9d0f9ceee2d3f99f

SHA512
8bbb7526dc788436f400f266772488ef01783cde9770dfb8900759dcf78abdfeb894b1197fe896eab60494f9557ae01c1647a6384b075140b4d0a4541bb65765

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe

Filesize
468KB

MD5
5122a0011e2a7477e4250c39eb04fcb3

SHA1
371489e01eb038ca72662ce30c01dafc2bdbd4a0

SHA256
0b6a965aded84319767f32fbcc715f37ef9e179cdac680856dd0f6b6c65ec35e

SHA512
913049dc303fbc4f8ef48840a126de3cc3c07eee7bf18903f947db14414fe7fc21198d18d4dd2f005578dc4c31b9a4ebad132cd393addb9610f16dffd267d50a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32533.exe

Filesize
468KB

MD5
c9a72b13a032c8374f99557b25c00edc

SHA1
09b76c54799d4a4c8740f358164b97927b16cbbb

SHA256
4abf90f061855ffda13e1eeaa06c5579761b847e6210c747a7eeaf9487d4c428

SHA512
812f9cefda2133598c4b79bf2872273d3b4b0a587a4a4df8e8a0ad7840db425dea4df9db57da3d53b4cbd808f6d23c02d5da8364d52b85e488584a33a955e33d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe

Filesize
468KB

MD5
27a7600c6634de359634e95c045ba80d

SHA1
c76dd13ab10765b6eee885aac5ae2ff9b25bb1e0

SHA256
3c9f528cc5fb9ac8cea780113b5de76e125ca52b0815b417cd16673ec0d3ea71

SHA512
276fd93fd1288bdc5ef60b61d1e767bde97d42337fe4be933cdc849a8b6999c2e6270bfb5f79b73c0ea052e5579e8beab001871d52b85bebe99cf9ac24e7cce7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe

Filesize
468KB

MD5
774cdd15acbc6911c0d129a6e3bc3e24

SHA1
7ad01d596aad4edfcca83fd63a609ec42f336f6a

SHA256
cf1cee6c69426638e414e71d81013d44f42cd1967185711c932478cf06ca1be3

SHA512
dc2b695a66dfd304c0b3bfab7f05534342cfc2b1decbe4fd466d080185aaeb80b5ab23608c08c60d4bbc3a8e9a226314891080bc56be2e04c463808c3a68bff7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe

Filesize
468KB

MD5
f0b454118fd6241a73f7d3ca314a2595

SHA1
391162306356a8016b2b2dcc743e8de98a5ace67

SHA256
9e642d9a54283d1cf2b36d612ee33b117cfff858d56d1e5b1478bbbd9d862bcb

SHA512
7cb645d947abf436feb1d7f0801361e64e80473278f1d572c34e3a5f53bcd5065bfb3ec69125c17de497ada5fa5a2b56b37169d8aeeec6d20f717a587d7e11cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe

Filesize
468KB

MD5
e0b6348ac7abb48be80e1c93a1bea29d

SHA1
d36786ec19f222380a32bb676b51da0182c25677

SHA256
00193a444838e31fb5f77531c4226c5778b889427dde06d1b8d851091201b2d0

SHA512
35e403368faea6c990c4ae00dcdce91b065d6ea0b734ea740ef5403629659ae9c8a2192a5d435e6e49b600683913ac9fc55ede8bc14ebd6b7931228c76dcd542

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53080.exe

Filesize
468KB

MD5
a6a981e1758afe66bd5b0f27d6ebf5f9

SHA1
d3d992df3e2b8d16ea2e12acf3f460521f3957d1

SHA256
989efcaabb0d71e3682159f4d77eca494d1b57694e19c6b0efe32162cb6f0999

SHA512
55e21b99c7c4e48fa4587b7abf88f20a47a5658d3c469544acbae49d284fca9b20c56526ec7af7084b7258474ad5b80bf0acd62833371e1aafc508d577c572e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6450.exe

Filesize
468KB

MD5
42e369548f8e4f8694d935f05e819a6d

SHA1
ea598bbd42ae332cb84bbc3fd06dd524358b4632

SHA256
27f70ad91746f17b4d8def821fc026d2dc4a1eb9bf9edd90be59565c167ad82b

SHA512
7f6c4ad8600d4e4be6dbce2345c3bb725dc733c0a694eea794cd78cfc9bacbfb4497e6a09c596ef6b561fce740947a89600c1f34497710c2f49d89f2e06dc1fe

Download Submit
\Users\Admin\AppData\Local\TempéUnicorn-20408.exe

Filesize
468KB

MD5
718a6911d50176afccb9ed9cac189910

SHA1
51ad0fe0bb4108bc73b89fa6d899981567a0e969

SHA256
aad67ffb5412b9e97ea84f7d047397a2a797ea54d5544d55f644cd499dc4bd09

SHA512
822f4e1b0e2779db15bae1b15a500e71e93d4751f184509f1c0a2b2304492309e3a9a4b4c05771d633f5f0155f08c51da458551688450cc40064d47149b4519f

Download Submit
\Users\Admin\AppData\LocaléUnicorn-17087.exe

Filesize
468KB

MD5
836180b638f189c499312569051adf9d

SHA1
7a324081e801097ddce23477e7ace94516ea6e6a

SHA256
554456a892f295a6f43c251cc3c29ea367c33efa4ef990453994f6b95b98cf31

SHA512
44bfcc358b2d60c9be2cdb3d7b87ff346cf70c61b2bd8fe5b5580ed1ecaa1c9a03bb0dd00b658f421356cf5a70617cc2f19cc0c160644999397c99ca1108ab60

Download Submit