4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe
Size

468KB
MD5

3326363596c04393c93350789a872b40
SHA1

61c30b4939b24fc00f137aeda8a867c3826a2f37
SHA256

4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2
SHA512

a468e3e61524341e25c779bcd7ceeddaf5e9a192c964cfbfc1cbb1437f52d6d5532fbac73f648e558e98c13206515cadea3eab2eda4cbf99c5aba1e3e92630dd
SSDEEP

3072:qG3logIKI05UtbY3HzZOcf8/zChaP0pUnLHewYPQrP5LPW+Tkslul:qGVoD8Ut4HlOcfuY1OrPVu+Tk

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2300	Unicorn-2965.exe
2268	Unicorn-44465.exe
2472	Unicorn-20515.exe
2808	Unicorn-28451.exe
2764	Unicorn-45534.exe
1976	Unicorn-6176.exe
2988	Unicorn-61315.exe
2632	Unicorn-5928.exe
1156	Unicorn-6333.exe
1352	Unicorn-39198.exe
2924	Unicorn-34849.exe
2992	Unicorn-35668.exe
2788	Unicorn-55534.exe
2928	Unicorn-45320.exe
1716	Unicorn-3448.exe
1048	Unicorn-17738.exe
1808	Unicorn-52649.exe
2292	Unicorn-47859.exe
1260	Unicorn-56432.exe
2092	Unicorn-2882.exe
1376	Unicorn-25797.exe
1596	Unicorn-31928.exe
1160	Unicorn-27844.exe
2044	Unicorn-16146.exe
900	Unicorn-64792.exe
604	Unicorn-40842.exe
1264	Unicorn-59946.exe
1948	Unicorn-32587.exe
2032	Unicorn-60334.exe
1296	Unicorn-40733.exe
1828	Unicorn-56515.exe
1732	Unicorn-12145.exe
1608	Unicorn-49499.exe
2236	Unicorn-17381.exe
2244	Unicorn-10696.exe
2184	Unicorn-49691.exe
1036	Unicorn-20340.exe
2836	Unicorn-49115.exe
2736	Unicorn-31817.exe
2892	Unicorn-53199.exe
2660	Unicorn-16443.exe
2668	Unicorn-59513.exe
2732	Unicorn-58222.exe
2624	Unicorn-6420.exe
2336	Unicorn-12550.exe
2480	Unicorn-32971.exe
3028	Unicorn-18149.exe
2948	Unicorn-59182.exe
2920	Unicorn-13510.exe
1536	Unicorn-5897.exe
1204	Unicorn-25763.exe
1932	Unicorn-54278.exe
1652	Unicorn-1704.exe
344	Unicorn-9317.exe
2060	Unicorn-25632.exe
2412	Unicorn-12825.exe
2964	Unicorn-3.exe
1064	Unicorn-8933.exe
1876	Unicorn-32351.exe
1564	Unicorn-30314.exe
1704	Unicorn-59649.exe
1788	Unicorn-38674.exe
804	Unicorn-30506.exe
1068	Unicorn-30484.exe

Loads dropped DLL 64 IoCs

pid	Process
2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe
2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe
2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe
2300	Unicorn-2965.exe
2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe
2300	Unicorn-2965.exe
2268	Unicorn-44465.exe
2268	Unicorn-44465.exe
2300	Unicorn-2965.exe
2300	Unicorn-2965.exe
2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe
2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe
2472	Unicorn-20515.exe
2472	Unicorn-20515.exe
2268	Unicorn-44465.exe
2268	Unicorn-44465.exe
1976	Unicorn-6176.exe
1976	Unicorn-6176.exe
2764	Unicorn-45534.exe
2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe
2764	Unicorn-45534.exe
2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe
2988	Unicorn-61315.exe
2300	Unicorn-2965.exe
2472	Unicorn-20515.exe
2988	Unicorn-61315.exe
2472	Unicorn-20515.exe
2300	Unicorn-2965.exe
2632	Unicorn-5928.exe
2632	Unicorn-5928.exe
2268	Unicorn-44465.exe
2268	Unicorn-44465.exe
1156	Unicorn-6333.exe
1156	Unicorn-6333.exe
1976	Unicorn-6176.exe
1976	Unicorn-6176.exe
2992	Unicorn-35668.exe
2992	Unicorn-35668.exe
2300	Unicorn-2965.exe
2300	Unicorn-2965.exe
2472	Unicorn-20515.exe
2472	Unicorn-20515.exe
2788	Unicorn-55534.exe
2788	Unicorn-55534.exe
1352	Unicorn-39198.exe
1352	Unicorn-39198.exe
2988	Unicorn-61315.exe
2988	Unicorn-61315.exe
2924	Unicorn-34849.exe
2924	Unicorn-34849.exe
2764	Unicorn-45534.exe
2764	Unicorn-45534.exe
2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe
2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe
1048	Unicorn-17738.exe
1048	Unicorn-17738.exe
2632	Unicorn-5928.exe
2268	Unicorn-44465.exe
2632	Unicorn-5928.exe
2268	Unicorn-44465.exe
1808	Unicorn-52649.exe
1808	Unicorn-52649.exe
1156	Unicorn-6333.exe
1156	Unicorn-6333.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3976	3572	WerFault.exe	226

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4558.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21762.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe
2300	Unicorn-2965.exe
2268	Unicorn-44465.exe
2472	Unicorn-20515.exe
2764	Unicorn-45534.exe
1976	Unicorn-6176.exe
2988	Unicorn-61315.exe
2632	Unicorn-5928.exe
1156	Unicorn-6333.exe
2788	Unicorn-55534.exe
1352	Unicorn-39198.exe
2928	Unicorn-45320.exe
2992	Unicorn-35668.exe
2924	Unicorn-34849.exe
1048	Unicorn-17738.exe
1716	Unicorn-3448.exe
1808	Unicorn-52649.exe
2292	Unicorn-47859.exe
1260	Unicorn-56432.exe
2092	Unicorn-2882.exe
1376	Unicorn-25797.exe
1596	Unicorn-31928.exe
1160	Unicorn-27844.exe
2044	Unicorn-16146.exe
900	Unicorn-64792.exe
604	Unicorn-40842.exe
1264	Unicorn-59946.exe
1948	Unicorn-32587.exe
2032	Unicorn-60334.exe
1296	Unicorn-40733.exe
1828	Unicorn-56515.exe
1732	Unicorn-12145.exe
1608	Unicorn-49499.exe
2236	Unicorn-17381.exe
2244	Unicorn-10696.exe
2184	Unicorn-49691.exe
2836	Unicorn-49115.exe
1036	Unicorn-20340.exe
2892	Unicorn-53199.exe
2736	Unicorn-31817.exe
2660	Unicorn-16443.exe
2732	Unicorn-58222.exe
2668	Unicorn-59513.exe
2624	Unicorn-6420.exe
2336	Unicorn-12550.exe
2480	Unicorn-32971.exe
2948	Unicorn-59182.exe
2920	Unicorn-13510.exe
3028	Unicorn-18149.exe
1536	Unicorn-5897.exe
1204	Unicorn-25763.exe
1932	Unicorn-54278.exe
1652	Unicorn-1704.exe
344	Unicorn-9317.exe
2060	Unicorn-25632.exe
2412	Unicorn-12825.exe
1876	Unicorn-32351.exe
2964	Unicorn-3.exe
1064	Unicorn-8933.exe
1564	Unicorn-30314.exe
1788	Unicorn-38674.exe
1704	Unicorn-59649.exe
804	Unicorn-30506.exe
1068	Unicorn-30484.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 2300	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	31
PID 2272 wrote to memory of 2300	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	31
PID 2272 wrote to memory of 2300	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	31
PID 2272 wrote to memory of 2300	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	31
PID 2300 wrote to memory of 2268	2300	Unicorn-2965.exe	32
PID 2300 wrote to memory of 2268	2300	Unicorn-2965.exe	32
PID 2300 wrote to memory of 2268	2300	Unicorn-2965.exe	32
PID 2272 wrote to memory of 2472	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	33
PID 2300 wrote to memory of 2268	2300	Unicorn-2965.exe	32
PID 2272 wrote to memory of 2472	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	33
PID 2272 wrote to memory of 2472	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	33
PID 2272 wrote to memory of 2472	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	33
PID 2268 wrote to memory of 2808	2268	Unicorn-44465.exe	34
PID 2268 wrote to memory of 2808	2268	Unicorn-44465.exe	34
PID 2268 wrote to memory of 2808	2268	Unicorn-44465.exe	34
PID 2268 wrote to memory of 2808	2268	Unicorn-44465.exe	34
PID 2300 wrote to memory of 2764	2300	Unicorn-2965.exe	35
PID 2300 wrote to memory of 2764	2300	Unicorn-2965.exe	35
PID 2300 wrote to memory of 2764	2300	Unicorn-2965.exe	35
PID 2300 wrote to memory of 2764	2300	Unicorn-2965.exe	35
PID 2272 wrote to memory of 1976	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	36
PID 2272 wrote to memory of 1976	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	36
PID 2272 wrote to memory of 1976	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	36
PID 2272 wrote to memory of 1976	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	36
PID 2472 wrote to memory of 2988	2472	Unicorn-20515.exe	37
PID 2472 wrote to memory of 2988	2472	Unicorn-20515.exe	37
PID 2472 wrote to memory of 2988	2472	Unicorn-20515.exe	37
PID 2472 wrote to memory of 2988	2472	Unicorn-20515.exe	37
PID 2268 wrote to memory of 2632	2268	Unicorn-44465.exe	38
PID 2268 wrote to memory of 2632	2268	Unicorn-44465.exe	38
PID 2268 wrote to memory of 2632	2268	Unicorn-44465.exe	38
PID 2268 wrote to memory of 2632	2268	Unicorn-44465.exe	38
PID 1976 wrote to memory of 1156	1976	Unicorn-6176.exe	39
PID 1976 wrote to memory of 1156	1976	Unicorn-6176.exe	39
PID 1976 wrote to memory of 1156	1976	Unicorn-6176.exe	39
PID 1976 wrote to memory of 1156	1976	Unicorn-6176.exe	39
PID 2764 wrote to memory of 1352	2764	Unicorn-45534.exe	40
PID 2764 wrote to memory of 1352	2764	Unicorn-45534.exe	40
PID 2764 wrote to memory of 1352	2764	Unicorn-45534.exe	40
PID 2764 wrote to memory of 1352	2764	Unicorn-45534.exe	40
PID 2272 wrote to memory of 2924	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	41
PID 2272 wrote to memory of 2924	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	41
PID 2272 wrote to memory of 2924	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	41
PID 2272 wrote to memory of 2924	2272	4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe	41
PID 2472 wrote to memory of 2992	2472	Unicorn-20515.exe	44
PID 2472 wrote to memory of 2992	2472	Unicorn-20515.exe	44
PID 2472 wrote to memory of 2992	2472	Unicorn-20515.exe	44
PID 2472 wrote to memory of 2992	2472	Unicorn-20515.exe	44
PID 2988 wrote to memory of 2788	2988	Unicorn-61315.exe	42
PID 2988 wrote to memory of 2788	2988	Unicorn-61315.exe	42
PID 2988 wrote to memory of 2788	2988	Unicorn-61315.exe	42
PID 2988 wrote to memory of 2788	2988	Unicorn-61315.exe	42
PID 2300 wrote to memory of 2928	2300	Unicorn-2965.exe	43
PID 2300 wrote to memory of 2928	2300	Unicorn-2965.exe	43
PID 2300 wrote to memory of 2928	2300	Unicorn-2965.exe	43
PID 2300 wrote to memory of 2928	2300	Unicorn-2965.exe	43
PID 2632 wrote to memory of 1716	2632	Unicorn-5928.exe	45
PID 2632 wrote to memory of 1716	2632	Unicorn-5928.exe	45
PID 2632 wrote to memory of 1716	2632	Unicorn-5928.exe	45
PID 2632 wrote to memory of 1716	2632	Unicorn-5928.exe	45
PID 2268 wrote to memory of 1048	2268	Unicorn-44465.exe	46
PID 2268 wrote to memory of 1048	2268	Unicorn-44465.exe	46
PID 2268 wrote to memory of 1048	2268	Unicorn-44465.exe	46
PID 2268 wrote to memory of 1048	2268	Unicorn-44465.exe	46

C:\Users\Admin\AppData\Local\Temp\4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe
"C:\Users\Admin\AppData\Local\Temp\4ce96de047151c04495c46e2e111fcbc7a202f55ab0c404eb4fc716005c454b2N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44465.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
      4⤵
      Executes dropped EXE
      PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        8⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        7⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60207.exe
        7⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe
        6⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        7⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        7⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8034.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
        6⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        8⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        7⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        6⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20228.exe
        7⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2282.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25602.exe
        6⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5236.exe
        6⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
        5⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
        5⤵
        
        PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10311.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        7⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
        7⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39070.exe
        6⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
        7⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        7⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24998.exe
        6⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46532.exe
        7⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        6⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        5⤵
        
        PID:272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5179.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        6⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        5⤵
        
        PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60334.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12825.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe
        6⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        6⤵
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        6⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
        5⤵
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
        5⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19459.exe
      4⤵
      PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39198.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27844.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        7⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        9⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7732.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
        8⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13223.exe
        8⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
        7⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
        7⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23227.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16638.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        7⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
        6⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        6⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5897.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52102.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
        7⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        7⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41103.exe
        6⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
        5⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        5⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        7⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
        6⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        6⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
        5⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51479.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        6⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45349.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        5⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        6⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        6⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        5⤵
        
        PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
      4⤵
      PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
        5⤵
        
        PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        5⤵
        
        PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
      4⤵
      PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
      4⤵
      PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
      4⤵
      PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
      4⤵
      PID:5472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21762.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        6⤵
        
        PID:612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        6⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        6⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
        5⤵
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        5⤵
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
      4⤵
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        5⤵
        
        PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
      4⤵
      PID:4352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2882.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39009.exe
        5⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4617.exe
        6⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14509.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        5⤵
        
        PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
      4⤵
      PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
        5⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        5⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        5⤵
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
      4⤵
      PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
      4⤵
      PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65374.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62091.exe
      4⤵
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        5⤵
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
      4⤵
      PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41333.exe
      4⤵
      PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
      4⤵
      PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59869.exe
    3⤵
    PID:632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
      4⤵
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41103.exe
      4⤵
      PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
    3⤵
    PID:3448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17532.exe
    3⤵
    PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25703.exe
    3⤵
    PID:4384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20515.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20515.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31928.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        7⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41395.exe
        6⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        7⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        7⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
        6⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50462.exe
        6⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        6⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
        5⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        5⤵
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
        5⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        6⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe
        7⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        7⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
        6⤵
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
        6⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27227.exe
        5⤵
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
        5⤵
        
        PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2802.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        6⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3648.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60207.exe
        5⤵
        
        PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6813.exe
      4⤵
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33410.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13223.exe
        5⤵
        
        PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62563.exe
      4⤵
      PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
      4⤵
      PID:2528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
        6⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18065.exe
        7⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        7⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        6⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        6⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        5⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        6⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        6⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        5⤵
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
        5⤵
        
        PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        5⤵
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        6⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4617.exe
        6⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
        5⤵
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        5⤵
        
        PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
      4⤵
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22699.exe
        5⤵
        
        PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        5⤵
        
        PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
      4⤵
      PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
      4⤵
      PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
      4⤵
      PID:5792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25797.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25763.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12745.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42490.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        5⤵
        
        PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
      4⤵
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41103.exe
        5⤵
        
        PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16776.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
      4⤵
      PID:5060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
      4⤵
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
        5⤵
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        5⤵
        
        PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
      4⤵
      PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
      4⤵
      PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
      4⤵
      PID:5216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
    3⤵
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
      4⤵
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
      4⤵
      PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
    3⤵
    PID:316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
    3⤵
    PID:5240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6333.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52649.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        7⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
        6⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        6⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        6⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59649.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38184.exe
        6⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6134.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        6⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
        5⤵
        
        PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
        6⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        7⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52034.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        7⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        6⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40990.exe
        5⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13248.exe
        6⤵
        
        PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        5⤵
        
        PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
      4⤵
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57670.exe
        5⤵
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62484.exe
        6⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
        5⤵
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        5⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
      4⤵
      PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45432.exe
      4⤵
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
      4⤵
      PID:648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        6⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42314.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
        7⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35697.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
        6⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
        5⤵
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58106.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13223.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
        6⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
        5⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        5⤵
        
        PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30484.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
        5⤵
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        5⤵
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
      4⤵
      PID:408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
      4⤵
      PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
      4⤵
      PID:5208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10696.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
      4⤵
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        5⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41103.exe
        6⤵
        
        PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        5⤵
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
      4⤵
      PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
      4⤵
      PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
      4⤵
      PID:4936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe
    3⤵
    PID:548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
      4⤵
      PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
      4⤵
      PID:5552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
    3⤵
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
      4⤵
      PID:5720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54810.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
    3⤵
    PID:6092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        5⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28558.exe
        6⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 188
        7⤵
        Program crash
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        6⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        6⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
        5⤵
        
        PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
      4⤵
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14738.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        5⤵
        
        PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
      4⤵
      PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
      4⤵
      PID:4904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
      4⤵
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
        5⤵
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10834.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29387.exe
        5⤵
        
        PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
      4⤵
      PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
    3⤵
    PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
      4⤵
      PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
      4⤵
      PID:924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
    3⤵
    PID:3236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13561.exe
    3⤵
    PID:4708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
    3⤵
    PID:5476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30457.exe
      4⤵
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe
        5⤵
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        5⤵
        
        PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
      4⤵
      PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
      4⤵
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8204.exe
      4⤵
      PID:5788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15827.exe
    3⤵
    PID:536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
      4⤵
      PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
      4⤵
      PID:5400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
    3⤵
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25796.exe
      4⤵
      PID:5916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
    3⤵
    PID:4768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
    3⤵
    PID:4224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
    3⤵
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
      4⤵
      PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe
      4⤵
      PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
      4⤵
      PID:5428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38546.exe
    3⤵
    PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
    3⤵
    PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
    3⤵
    PID:4932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19399.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19399.exe
  2⤵
  PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
    3⤵
    PID:4040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5641.exe
    3⤵
    PID:4776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
    3⤵
    PID:4204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
  2⤵
  PID:3616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
  2⤵
  PID:4448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
  2⤵
  PID:4396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe

Filesize
468KB

MD5
5050642228050dc9be5f308e8a0e85f7

SHA1
794b04d254b786ae6dec93e4c45519cd25da755f

SHA256
849d4225fc75b54b77f81181e7c362d9e8c665f3c087dc92026930232f8e3ef0

SHA512
7ff84fc2d691fdb9b0518a64408f17fb8db2a02c04b05b5af0ba06559e397c5d869f5c1e0e1be537c913366e4378e5e586a8ab9611f54536aaf621ade9af3c65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44465.exe

Filesize
468KB

MD5
eeb12460fa794b02eebe9877ebfa3eb6

SHA1
045b0f72ec0078b16ab79dc01ed30dc31cfa0a7c

SHA256
969a55edcf6b81ff1c2139ad560651894fb28e23ec257c19adf76b2cc3d786ab

SHA512
f2699bdf1d2389c1294adf733c190704e2421503d07c59c014448017537fa4286725621b75d3a8db93858fff4d54b45e1f793165ad0c7fb75124b58fe6d6c7c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe

Filesize
468KB

MD5
f92dfeba4a55694afa45f8dad58b4689

SHA1
e0257d760dfb236500a7ad8a33fdbf2089ae1a5b

SHA256
a17fb126d79df2ce905e3a29b1cb865218f3db169c40b5a4f1ceb3e661e8f25d

SHA512
00fa637f0d0646a74287f826d51dbbbca67a3a2c51ca71def936cdd1c08ab7edb091cf65e651d6fcb7f25846363072593e5b2cbfb67b707edd132b9de323dfa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe

Filesize
468KB

MD5
c44e99b77e3e23a96a8f0bace06272a4

SHA1
00bcf5bb0b67793d0625914ded800b93d05aa573

SHA256
831815e68177702825a3e2c6abb92abe045217e867bfbd20b6be61fa36555636

SHA512
680923d2a40e002bea9ab8ba2f61a0c4b994b0eb80b2160d9eed95d3fc3aa6aab8820b563db651886159aba009d2d9c610b49bedecc3df1820e5ac0f6b7dd079

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe

Filesize
468KB

MD5
af250f90fbd2df054151487c3d479b73

SHA1
42d14e7dd9aa84c624b00fdb26ee5540d7b8b6e5

SHA256
ed6cf1387ea6c005fb4637acbcf5a04eacf48146fc3f6200a94e23f5158b906b

SHA512
6ef0556a1cbd21c660e45a63823a376c3137d82b4bafc44febd97d3865a39c68dc39c25fa4505fec76bc5de8d86b49d19523b6ff5bf8c9dd2d45d2dd0064df20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe

Filesize
468KB

MD5
7089bb55021c8bea45190e3a1480e62a

SHA1
fa70308eaf67d54874d28596a880ad2aa02990e2

SHA256
d8821a83560e2d5eee89891c38ad6d9cccb65a02549a275a923267c14c08a457

SHA512
31e3feca80ac1989a99a37f03e52517c3090be704ee33b0af8afa88252420dbdadd87c87cd860a5d617da2ad23c9ddf14be558086050e5bc09fa18f17e417617

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe

Filesize
468KB

MD5
4bab460a564f0f5c9af1ea4414d26ab3

SHA1
7efdcf71c380033dd3993193cabc65fda8256d38

SHA256
f3c076b741e253525b5436e8f369c09db268ad0efe1f1ba7a47d99ace89899df

SHA512
1cade5979e0552ace5633303e81ffe040e74a81c29ef56b93fc00417e7683a9a892eb1128fe23b0a77f83c37a83a446a59b720cddc58b85463bd7add88b76181

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20515.exe

Filesize
468KB

MD5
b223eb6ac1d0b19b70e68644e2e6b02a

SHA1
c1d8039a816e4dfe03295a1ba6c6553e28ad16fc

SHA256
3fd71073941973e2d23ea5bfa93245b077979015f5d8688bb1ea96ca6d0eb515

SHA512
f23fbfed5a412ef01b1b961c90478e83c488d5bead9f0834b539c9e8f655e0474e9c3a9f59a775e395277e906899a48cbecc8cab49b15ed817b54ac2dcd749ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe

Filesize
468KB

MD5
4b0d83a264322759419fcc3d5949138d

SHA1
ec84aa1fb73d24b68af6639cb0b9450a1b11462e

SHA256
5f4e9ecf5686b7ac59038961fe011af5cea01834e97ce3f3451a2d541f4c14e3

SHA512
1c643308c8b3d20c42c9cb80a97cbb1b56f5fbd22075ebdc04f379e09d66887d41e34deed69339d505e376891fde38a9c8270b568def011745df7caf2951a6b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe

Filesize
468KB

MD5
bcc165ec4d83e409cd22135fa8df4771

SHA1
8349bde617d8918bc86e19bf40e56e671b6b4b01

SHA256
2998844bfb23060b09df379ae8b316425dec62af3b0d939483390422151d9db7

SHA512
12aef2851b70cdb96e68abf1a90bcb49a176469d97e6612fb46c317ab2dd6aa06d07aebb6e405a95adee83009d99592c6e569625fc97a999ea91b6dcfaf12a42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe

Filesize
468KB

MD5
95fa5dc4ea2e0537f0fd8e3135cf8ae1

SHA1
7bbcc068af7ab90327cb52d12bc2689dcd2e6685

SHA256
0dcd064417e6929d80df6ac3f35603383a8659c369d4e379257c5ccd1631e6fc

SHA512
89883a3ae88fdeeb564f572639d92ef3d43cbf68cbc6f89424868a3ea4057d9bfc180cbd20a1d7833f1a3d268340d9de47d65697af31af7c7dd87ebac49a48b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe

Filesize
468KB

MD5
ae7c850e10571a6e5f4711b123ff45b3

SHA1
b872c05312934a8e4c912e4d5d09ed52c2b20096

SHA256
1596ea345130609fd09a1ea4a810ea04148994f0bbcb2eb4b6a5089c442a7217

SHA512
6bd5944d1f3190181fde51a984ef4176be1b5cc240dc1bb9578f0b23912277d9e66b1b2e2505b29614c58dd9e73bfd3091d098ef1533916e19c2b72a86743c11

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39198.exe

Filesize
468KB

MD5
c38f1a7a421c1e050328eebde3073e71

SHA1
44b520634129c028d743aeedc37bf30b2113cf4f

SHA256
c76e925c38ab9f425fb9b68484fc1e2748f1bbd1ef685b4c77ab0f3b2c57b198

SHA512
b6257048a6c8ab62db2349573b081f89715ca3c91222101d46b365e62b152d5bd75b68ab9367e6d19f6eb45428a84a8804dd6cfcb5426e6e787ade2c52d77c0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe

Filesize
468KB

MD5
e342abcedd21a079e200441307c8b981

SHA1
89f901177153a15676e4d0774cf82af85e9d1f6a

SHA256
36240f7e438f9c5155ab11f6a7390153cfd2aac7f5d70ca881b141a0fae14981

SHA512
0079e4bcc6d5888dcbb910f170d70cf2487a48a1300b33984d7a4e54f79f6c3f21494985eaa0155c5a7914111a2b25da0013681f42318bfa0f823895fbb5ef1f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe

Filesize
468KB

MD5
22be64812b2aa40adbcd8fe299c78ca4

SHA1
7e8c828e31e159ced8abf62c1fb408777e417a7f

SHA256
630fc7344bf1178e1b0482f68904e02bb38c66efba417661ce9cb0d2ee0bb2fc

SHA512
6fecf7beb6e03e8e7c677d551b4155d45c68fed62aae971c44c69c81bf828e5e2bcbb70bcec94e7ab6cb0d9f13d5a462fdb9e98460d20dbed8ec90d2ae40400e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe

Filesize
468KB

MD5
4253d564c8293918eedfb450f8c5059c

SHA1
b701ceecae92f01c372164ef037764d5a0cf612d

SHA256
b4c5ad5861bf9691e0bff158655d284f1aa727bdad369783c281e0e0662bcdae

SHA512
e3578eeae0ade55eddb418d8b48779a5b8b08dd63a5563f39b3506111c887cba96585a1fac153bfee7540eb8e5e1d6ebba37ed677eb41e0c1fc1e55b48f1bfe0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52649.exe

Filesize
468KB

MD5
cedf1a026627bef5138e04002bbb88a3

SHA1
096a2c40eb0f3c938686d29e6a235ce22f3a7ff9

SHA256
d081451d90e8810d5cca59e5cec054782d526550e085b3bb016bb27d51d56742

SHA512
c05b1f4323a709ac5a9faa0096c07e20f0e331878d8404d9ac9ed716ffa0ba90ac791a111336078343d3570a537dfb91acfc4c0aa336e42be29b42ca4bd7a27a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe

Filesize
468KB

MD5
8071ff936cc5a499ae2f199c44b08296

SHA1
350c69d92bb8b0fc3a7c607d3330407f377f03e3

SHA256
9ccb2c47faac64b3e93cc07bcf29fb72d018fa60a0436d483873e2dc25f87ce9

SHA512
e63fbcdf1b3eacd6ab3fc6e2b64e5d492042738c4b4cb4d359c314479af9a601f5f54cfedd09a1f27b3a96af719e74ed4fd07969d5675e89c1f589411bfccaaa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe

Filesize
468KB

MD5
5107a59e1faf0ae3f6085bdd8615bb82

SHA1
f4d582bf42f268cb371c9b1c18aa3c4fcf8d8a37

SHA256
e796c55b4de79da847c0e6255d79bf89f81fc734898f87bb8b7adcb936c85021

SHA512
f5d0ee38e1707a0076414fb967b8d6d08dd720e6824b08e2f7760154cfdb5f1643cfa0c4064c0c71162566f7756d44ff4c7adc5b281ebe00d09c4dd25961f8e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6333.exe

Filesize
468KB

MD5
7e9f26e1e649554b3ad4b17e5a941451

SHA1
6060fef8d5fea1a987c57ba95e46bb52afe17928

SHA256
5b387b05f200dbdfa4ed10a41fde8f189efad023f1a122e17f8182c8b1f24208

SHA512
eed54dade41e8cb0a68c930b02bc62e0cb6bb36e2fe37d2c0fcae1025741c9c61b749a1da95e71807f26e480707dc200d49ac5a97137d9bc4dd91cf0a14c37eb

Download Submit