be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-10-2024 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe
Size

468KB
MD5

7c1dc8af6a9397373ff26e0f4f577650
SHA1

62a336da33b5f1d54783bdef59a7fac7612bf6a9
SHA256

be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046f
SHA512

91c5d2f7f7359ad27d99d3cf1900a399baf46094345d4adde59a42430ca94c4b0e2ab02aa3e8262177bad49f09fb1d4eb654ed090c03068bd69316a02f372cf9
SSDEEP

3072:1G3HogIKIm5TtbY2HzcOcf8/zChaP0ptnLHeTVPrb45LVx1g5slL:1G3oDiTtxH4OcfuYgFb4VP1g5

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3028	Unicorn-34159.exe
860	Unicorn-31440.exe
1484	Unicorn-33063.exe
2832	Unicorn-32722.exe
2896	Unicorn-59456.exe
2644	Unicorn-45721.exe
2748	Unicorn-49.exe
2732	Unicorn-47143.exe
2688	Unicorn-47143.exe
1076	Unicorn-30350.exe
2888	Unicorn-477.exe
1904	Unicorn-61183.exe
2884	Unicorn-61183.exe
1748	Unicorn-41317.exe
2920	Unicorn-55437.exe
1932	Unicorn-16809.exe
1444	Unicorn-54800.exe
3012	Unicorn-56232.exe
1012	Unicorn-17638.exe
2708	Unicorn-20976.exe
2044	Unicorn-39350.exe
2592	Unicorn-53840.exe
1788	Unicorn-4639.exe
1520	Unicorn-12807.exe
2128	Unicorn-26190.exe
900	Unicorn-37696.exe
1672	Unicorn-17830.exe
1464	Unicorn-31565.exe
2252	Unicorn-62392.exe
2180	Unicorn-62127.exe
1360	Unicorn-10421.exe
988	Unicorn-16394.exe
1264	Unicorn-12672.exe
2500	Unicorn-49450.exe
1480	Unicorn-57.exe
1612	Unicorn-45729.exe
2096	Unicorn-42168.exe
2280	Unicorn-40130.exe
2716	Unicorn-16402.exe
3048	Unicorn-6772.exe
3036	Unicorn-44084.exe
2776	Unicorn-22917.exe
2728	Unicorn-57244.exe
2612	Unicorn-9076.exe
1352	Unicorn-41557.exe
276	Unicorn-62724.exe
1928	Unicorn-40597.exe
1656	Unicorn-15131.exe
2596	Unicorn-32237.exe
2640	Unicorn-40405.exe
2940	Unicorn-26106.exe
2936	Unicorn-65101.exe
1876	Unicorn-38058.exe
1828	Unicorn-59762.exe
1148	Unicorn-48827.exe
1736	Unicorn-2963.exe
2144	Unicorn-51780.exe
1228	Unicorn-46435.exe
2288	Unicorn-46757.exe
1248	Unicorn-55179.exe
1116	Unicorn-9507.exe
1368	Unicorn-25387.exe
1456	Unicorn-42455.exe
1692	Unicorn-14229.exe

Loads dropped DLL 64 IoCs

pid	Process
1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe
1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe
1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe
3028	Unicorn-34159.exe
1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe
3028	Unicorn-34159.exe
1484	Unicorn-33063.exe
1484	Unicorn-33063.exe
1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe
1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe
3028	Unicorn-34159.exe
3028	Unicorn-34159.exe
860	Unicorn-31440.exe
860	Unicorn-31440.exe
2896	Unicorn-59456.exe
2832	Unicorn-32722.exe
2896	Unicorn-59456.exe
2832	Unicorn-32722.exe
1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe
1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe
1484	Unicorn-33063.exe
1484	Unicorn-33063.exe
2748	Unicorn-49.exe
2644	Unicorn-45721.exe
2748	Unicorn-49.exe
2644	Unicorn-45721.exe
860	Unicorn-31440.exe
860	Unicorn-31440.exe
3028	Unicorn-34159.exe
3028	Unicorn-34159.exe
2732	Unicorn-47143.exe
2732	Unicorn-47143.exe
2688	Unicorn-47143.exe
2688	Unicorn-47143.exe
2896	Unicorn-59456.exe
2896	Unicorn-59456.exe
2832	Unicorn-32722.exe
2832	Unicorn-32722.exe
2888	Unicorn-477.exe
2888	Unicorn-477.exe
1484	Unicorn-33063.exe
1484	Unicorn-33063.exe
2884	Unicorn-61183.exe
2884	Unicorn-61183.exe
1748	Unicorn-41317.exe
1748	Unicorn-41317.exe
1904	Unicorn-61183.exe
1904	Unicorn-61183.exe
2748	Unicorn-49.exe
2748	Unicorn-49.exe
2644	Unicorn-45721.exe
2644	Unicorn-45721.exe
2920	Unicorn-55437.exe
860	Unicorn-31440.exe
2920	Unicorn-55437.exe
860	Unicorn-31440.exe
1076	Unicorn-30350.exe
1076	Unicorn-30350.exe
3028	Unicorn-34159.exe
3028	Unicorn-34159.exe
1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe
1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe
1932	Unicorn-16809.exe
1932	Unicorn-16809.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2016	2960	WerFault.exe	136

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19973.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe
3028	Unicorn-34159.exe
860	Unicorn-31440.exe
1484	Unicorn-33063.exe
2832	Unicorn-32722.exe
2896	Unicorn-59456.exe
2748	Unicorn-49.exe
2644	Unicorn-45721.exe
2732	Unicorn-47143.exe
2688	Unicorn-47143.exe
1076	Unicorn-30350.exe
2888	Unicorn-477.exe
1904	Unicorn-61183.exe
2884	Unicorn-61183.exe
1748	Unicorn-41317.exe
2920	Unicorn-55437.exe
1932	Unicorn-16809.exe
1444	Unicorn-54800.exe
3012	Unicorn-56232.exe
1012	Unicorn-17638.exe
2708	Unicorn-20976.exe
2044	Unicorn-39350.exe
2592	Unicorn-53840.exe
1788	Unicorn-4639.exe
1520	Unicorn-12807.exe
2128	Unicorn-26190.exe
1672	Unicorn-17830.exe
900	Unicorn-37696.exe
2252	Unicorn-62392.exe
1464	Unicorn-31565.exe
2180	Unicorn-62127.exe
1360	Unicorn-10421.exe
988	Unicorn-16394.exe
1264	Unicorn-12672.exe
2500	Unicorn-49450.exe
1480	Unicorn-57.exe
2096	Unicorn-42168.exe
1612	Unicorn-45729.exe
2280	Unicorn-40130.exe
2716	Unicorn-16402.exe
3036	Unicorn-44084.exe
3048	Unicorn-6772.exe
2776	Unicorn-22917.exe
2728	Unicorn-57244.exe
1352	Unicorn-41557.exe
2612	Unicorn-9076.exe
276	Unicorn-62724.exe
1656	Unicorn-15131.exe
1928	Unicorn-40597.exe
2596	Unicorn-32237.exe
2640	Unicorn-40405.exe
2940	Unicorn-26106.exe
2936	Unicorn-65101.exe
1876	Unicorn-38058.exe
1148	Unicorn-48827.exe
1828	Unicorn-59762.exe
1736	Unicorn-2963.exe
2144	Unicorn-51780.exe
1228	Unicorn-46435.exe
2288	Unicorn-46757.exe
1248	Unicorn-55179.exe
1116	Unicorn-9507.exe
1368	Unicorn-25387.exe
1456	Unicorn-42455.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 3028	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	30
PID 1848 wrote to memory of 3028	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	30
PID 1848 wrote to memory of 3028	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	30
PID 1848 wrote to memory of 3028	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	30
PID 3028 wrote to memory of 860	3028	Unicorn-34159.exe	33
PID 3028 wrote to memory of 860	3028	Unicorn-34159.exe	33
PID 3028 wrote to memory of 860	3028	Unicorn-34159.exe	33
PID 1848 wrote to memory of 1484	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	32
PID 3028 wrote to memory of 860	3028	Unicorn-34159.exe	33
PID 1848 wrote to memory of 1484	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	32
PID 1848 wrote to memory of 1484	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	32
PID 1848 wrote to memory of 1484	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	32
PID 1484 wrote to memory of 2832	1484	Unicorn-33063.exe	34
PID 1484 wrote to memory of 2832	1484	Unicorn-33063.exe	34
PID 1484 wrote to memory of 2832	1484	Unicorn-33063.exe	34
PID 1484 wrote to memory of 2832	1484	Unicorn-33063.exe	34
PID 1848 wrote to memory of 2896	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	35
PID 1848 wrote to memory of 2896	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	35
PID 1848 wrote to memory of 2896	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	35
PID 1848 wrote to memory of 2896	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	35
PID 3028 wrote to memory of 2644	3028	Unicorn-34159.exe	36
PID 3028 wrote to memory of 2644	3028	Unicorn-34159.exe	36
PID 3028 wrote to memory of 2644	3028	Unicorn-34159.exe	36
PID 3028 wrote to memory of 2644	3028	Unicorn-34159.exe	36
PID 860 wrote to memory of 2748	860	Unicorn-31440.exe	37
PID 860 wrote to memory of 2748	860	Unicorn-31440.exe	37
PID 860 wrote to memory of 2748	860	Unicorn-31440.exe	37
PID 860 wrote to memory of 2748	860	Unicorn-31440.exe	37
PID 2896 wrote to memory of 2732	2896	Unicorn-59456.exe	39
PID 2896 wrote to memory of 2732	2896	Unicorn-59456.exe	39
PID 2896 wrote to memory of 2732	2896	Unicorn-59456.exe	39
PID 2896 wrote to memory of 2732	2896	Unicorn-59456.exe	39
PID 2832 wrote to memory of 2688	2832	Unicorn-32722.exe	38
PID 2832 wrote to memory of 2688	2832	Unicorn-32722.exe	38
PID 2832 wrote to memory of 2688	2832	Unicorn-32722.exe	38
PID 2832 wrote to memory of 2688	2832	Unicorn-32722.exe	38
PID 1848 wrote to memory of 1076	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	40
PID 1848 wrote to memory of 1076	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	40
PID 1848 wrote to memory of 1076	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	40
PID 1848 wrote to memory of 1076	1848	be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe	40
PID 1484 wrote to memory of 2888	1484	Unicorn-33063.exe	41
PID 1484 wrote to memory of 2888	1484	Unicorn-33063.exe	41
PID 1484 wrote to memory of 2888	1484	Unicorn-33063.exe	41
PID 1484 wrote to memory of 2888	1484	Unicorn-33063.exe	41
PID 2748 wrote to memory of 2884	2748	Unicorn-49.exe	42
PID 2748 wrote to memory of 2884	2748	Unicorn-49.exe	42
PID 2748 wrote to memory of 2884	2748	Unicorn-49.exe	42
PID 2748 wrote to memory of 2884	2748	Unicorn-49.exe	42
PID 2644 wrote to memory of 1904	2644	Unicorn-45721.exe	43
PID 2644 wrote to memory of 1904	2644	Unicorn-45721.exe	43
PID 2644 wrote to memory of 1904	2644	Unicorn-45721.exe	43
PID 2644 wrote to memory of 1904	2644	Unicorn-45721.exe	43
PID 860 wrote to memory of 1748	860	Unicorn-31440.exe	44
PID 860 wrote to memory of 1748	860	Unicorn-31440.exe	44
PID 860 wrote to memory of 1748	860	Unicorn-31440.exe	44
PID 860 wrote to memory of 1748	860	Unicorn-31440.exe	44
PID 3028 wrote to memory of 2920	3028	Unicorn-34159.exe	45
PID 3028 wrote to memory of 2920	3028	Unicorn-34159.exe	45
PID 3028 wrote to memory of 2920	3028	Unicorn-34159.exe	45
PID 3028 wrote to memory of 2920	3028	Unicorn-34159.exe	45
PID 2732 wrote to memory of 1932	2732	Unicorn-47143.exe	46
PID 2732 wrote to memory of 1932	2732	Unicorn-47143.exe	46
PID 2732 wrote to memory of 1932	2732	Unicorn-47143.exe	46
PID 2732 wrote to memory of 1932	2732	Unicorn-47143.exe	46

C:\Users\Admin\AppData\Local\Temp\be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe
"C:\Users\Admin\AppData\Local\Temp\be5c23906b0af16f847669a4a9189fef2ea93153fa4de50f53e416f4884c046fN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34159.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34159.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53840.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        9⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49376.exe
        9⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7447.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
        8⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
        7⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        7⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
        7⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48827.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54266.exe
        7⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        8⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        7⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        7⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32697.exe
        6⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        7⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
        7⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        6⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
        6⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26190.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40597.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1775.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        7⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44187.exe
        7⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        6⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
        6⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26106.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2351.exe
        6⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
        7⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        7⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        6⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39148.exe
        6⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        5⤵
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        5⤵
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1775.exe
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        7⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38619.exe
        6⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7040.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        6⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        6⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1998.exe
        6⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13258.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55135.exe
        6⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
        6⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
        5⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        6⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45084.exe
        6⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
        5⤵
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60311.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        5⤵
        
        PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9507.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24604.exe
        6⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        6⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        6⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
        5⤵
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        5⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        5⤵
        
        PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        5⤵
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        5⤵
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37760.exe
        5⤵
        
        PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47376.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
      4⤵
      PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
      4⤵
      PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
      4⤵
      PID:5964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2963.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        7⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13228.exe
        6⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39414.exe
        6⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        7⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
        6⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
        6⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        5⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        6⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5120.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        6⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        5⤵
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52335.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        5⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17830.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14909.exe
        6⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
        6⤵
        
        PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
        5⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44203.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51488.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        5⤵
        
        PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38058.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
        5⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
        5⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        5⤵
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64987.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63912.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
      4⤵
      PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
      4⤵
      PID:6120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1775.exe
        6⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        6⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        6⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48720.exe
        5⤵
        
        PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        5⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        5⤵
        
        PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55179.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        5⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-175.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
        5⤵
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
      4⤵
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
      4⤵
      PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
      4⤵
      PID:5564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        5⤵
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49376.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
        5⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        5⤵
        
        PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7556.exe
      4⤵
      PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
      4⤵
      PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
      4⤵
      PID:5528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33239.exe
      4⤵
      PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
      4⤵
      PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
      4⤵
      PID:5992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
    3⤵
    PID:4060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
    3⤵
    PID:4352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
    3⤵
    PID:4700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
    3⤵
    PID:5988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33063.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33063.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32722.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33577.exe
        8⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23551.exe
        7⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        7⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        6⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28805.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        7⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
        6⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        6⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25159.exe
        6⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        7⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40311.exe
        6⤵
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
        6⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        6⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
        5⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        6⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        6⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        6⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
        5⤵
        
        PID:236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63912.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        5⤵
        
        PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10934.exe
        6⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
        7⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        7⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        6⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23551.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        6⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
        5⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65318.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
        6⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        5⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
        5⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1775.exe
        5⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        6⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16703.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
        6⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        5⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58840.exe
        5⤵
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
      4⤵
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29927.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3309.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33128.exe
      4⤵
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20976.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13513.exe
        6⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        6⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51488.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
        5⤵
        
        PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44084.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11510.exe
        5⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        5⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        5⤵
        
        PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40108.exe
      4⤵
      PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
      4⤵
      PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8432.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49039.exe
      4⤵
      PID:5880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        5⤵
        
        PID:264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        5⤵
        
        PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15433.exe
      4⤵
      PID:556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
      4⤵
      PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
      4⤵
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
      4⤵
      PID:5280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50545.exe
      4⤵
      PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
      4⤵
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
      4⤵
      PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
      4⤵
      PID:5300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58382.exe
    3⤵
    PID:2256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56741.exe
    3⤵
    PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
    3⤵
    PID:3256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
    3⤵
    PID:5188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42455.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        7⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        7⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        6⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        6⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        6⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14229.exe
        5⤵
        Executes dropped EXE
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2351.exe
        6⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        6⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 220
        6⤵
        Program crash
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        5⤵
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9974.exe
        5⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        6⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
        6⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        6⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29325.exe
        5⤵
        
        PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
      4⤵
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43265.exe
        5⤵
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39148.exe
        5⤵
        
        PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
      4⤵
      PID:1000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
      4⤵
      PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
      4⤵
      PID:6068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        5⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        6⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        6⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
        5⤵
        
        PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        5⤵
        
        PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
        5⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        5⤵
        
        PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27108.exe
      4⤵
      PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7040.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
      4⤵
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
      4⤵
      PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
      4⤵
      PID:5156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
      4⤵
      PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        5⤵
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        5⤵
        
        PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
      4⤵
      PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
      4⤵
      PID:5572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
    3⤵
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11752.exe
      4⤵
      PID:6000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48720.exe
    3⤵
    PID:1476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
    3⤵
    PID:4908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
    3⤵
    PID:5640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
      4⤵
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        5⤵
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
      4⤵
      PID:788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
      4⤵
      PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51780.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48734.exe
      4⤵
      PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
      4⤵
      PID:800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
      4⤵
      PID:5968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57980.exe
    3⤵
    PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56680.exe
      4⤵
      PID:5136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
    3⤵
    PID:3080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
    3⤵
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
    3⤵
    PID:5200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
    3⤵
    PID:5140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39414.exe
      4⤵
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        5⤵
        
        PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45815.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
      4⤵
      PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
      4⤵
      PID:5588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
    3⤵
    PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
      4⤵
      PID:5264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
    3⤵
    PID:2352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
    3⤵
    PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54095.exe
    3⤵
    PID:4752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5155.exe
    3⤵
    PID:5172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
    3⤵
    PID:5476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
    3⤵
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
      4⤵
      PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49376.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
      4⤵
      PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
      4⤵
      PID:5724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
    3⤵
    PID:3512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
    3⤵
    PID:3324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
  2⤵
  PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
    3⤵
    PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
    3⤵
    PID:3712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
    3⤵
    PID:5012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
    3⤵
    PID:5624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
  2⤵
  PID:2968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33975.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33975.exe
  2⤵
  PID:3656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
  2⤵
  PID:4768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51684.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51684.exe
  2⤵
  PID:5632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-34159.exe

Filesize
468KB

MD5
b6f2a5c9a23a10fa2238600773aaeeaf

SHA1
e617177954831f19e616754c080f0108dd488d62

SHA256
ea002ba879de030c1a32a8f68496422cbcef696ff96d4b9521d689f28d51221d

SHA512
85002d3a21bb0e5108c20c9cd1f92c116647dd50969e9f1f77d85ff94c0083f6fc4aaf7ed1eca3139ba701778cee110d8c338701e9d55eb93be0e1627dcee8b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe

Filesize
468KB

MD5
554130812df2779ea063a9aa97d06611

SHA1
8707a541c841b3bb3e39c901fff2d26cceb8745f

SHA256
9dd25435aee9dfdd8622e498ed6c2c0ae783fe43abe46f70670eab531ecc27d6

SHA512
c5e8738586afecdd605fa077dda663d126877c829ab4898ce5c7bbc00d6c4767aaa2e0d6596d6e0de9b8fb5f673902e39eefd8d2572503cd9133ff8c5ba1604e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe

Filesize
468KB

MD5
518102d0bfd9d0cb69b44535c880e3f1

SHA1
91444efef2e971d769ee32c1fb9e08f44788b24c

SHA256
cea9d07d79eb89bfbf895d1b27c28e5bbd9f5a455a03e7837eeab1b30b9de756

SHA512
12cf6a06aff3eb05a646eccbc8b69d123d5263e369852be21c5718ceccf72fd3ef60c9a56abf68be5e8e0a277f2ee1391040353b423ac5f1ed144dcee165547a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe

Filesize
468KB

MD5
3426b1767aac81c55b67233a38777ac5

SHA1
42ceb857896dda94f34e04b7c1b8169d4a57ef6e

SHA256
3bd577c0135924937ab01ffd8ac41efe1934d0463014c342aba6b05e09f43001

SHA512
5800e6e93859ee61968fe37f6fc06da6e4e7c79b89df2d1651a30dde74df73d5d70a0e7ac4dea0d47a571a63882804dc2397ab7ef729363fc439680468552760

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe

Filesize
468KB

MD5
98f7c11f39f312d580f8521302eadccf

SHA1
68f23c1f86a35e3aff86f97da1c5684d88f2436c

SHA256
2657e8fd8b327dab78ef47165e37e5c29f83fca3bcceb60912db2f2e98c648b5

SHA512
844beef3d8569c945d38804095f07d1874d9de38127f4a14b88ca4d2cef8f5ade228fb785ecc57f4a184802fb5b2a81f4046b476d6aac12853ebe8fd9a47fa05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe

Filesize
468KB

MD5
8a9f3a56539e73f0e0b2b3c80d775d34

SHA1
2ec3f4b87b5a7582597cb829bde5e6a9697d7393

SHA256
72825fc45f4a24e4bf4b9c6b30041ec74b455dcdb7b0372ae7a78503ed10f7fd

SHA512
5665e011e5bc4fdf1ced3bb161393835e6098794af55358e68b84eeada2dd21b2f4909ca64b66ef97296f3d5e353784825c7ffb092a8ec48981f68b8f3be6028

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe

Filesize
468KB

MD5
602bc8f2523b77cf0d87a2e4dc889792

SHA1
e03c0178570a1ed5c24731e4646515682b9997d2

SHA256
2d2e84d191fffb8823e7d7f0f6486ea04b3339299b8ff7c1d6d5a44d7bbd24b1

SHA512
08cd9e009de71588947f95e92af1c270b0d1537e40c0800c45f68a80d5a716b484ffb3044f3225976b98f44d21c001a9edf14ff8bad64929d84192c96fdc66f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe

Filesize
468KB

MD5
c6d30cb2264b727c9075ec1c9fe5c1c4

SHA1
4bc3e01b7b2bcd4e64214099d6e8225f0134acd7

SHA256
38f8da316ff58bde1c27bfd0b71ad54ab2b0f93c33c7a7d7bcd1e2bd73ca5081

SHA512
ce1437271198032d87f182af92474f393bdd5ebfb8875b766df09a40bac58e1527711de3f294ee448ce943c971662a08cf650e607e8b901554e4c48e6dee423d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe

Filesize
468KB

MD5
fc136cabc47f80d33f92371171a9c8db

SHA1
9eb5a6c7bd8d7bab8183703d0165851fbfb819ec

SHA256
cec39a3309b4058512d0946de3b2b0bbcda3ce6aefb96797db13580d41dd5c2b

SHA512
2e8cc4c2d21145d4a51464ece10f4fddb58d9e13611366bb5f1590094586eaed89eb42d6302b4bc6e3a75b88e9cf9da3cbb15aa42f7924c989a290d966a65d3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe

Filesize
468KB

MD5
80007489eb40c5ec744fa95e47c979e3

SHA1
ad7b518cec48ae811f7465bc67d78749bb03e795

SHA256
5114cf46b272398ef04355aa0c585d131daee49aba79f20b1eed7d80ae054055

SHA512
222af62a376350df03f273b21a04a5f8a802ea2bd6bb5fc525b32eae211e72e502ca8a2c3c2fdd4fc19e6d8c90974eaf27c3589c46f1a6a4dcaa0f12fe42a3e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32722.exe

Filesize
468KB

MD5
1c841ff0bbc286e281d34b00b8d68396

SHA1
0c63c0b06852c35bcdaba0c83035dd18151b4e6e

SHA256
2a0c803f12d0aa080f7ce628b9e44163183a3ee1e2b1ca2cfd9ed12b30846fb2

SHA512
744579d8c1795314bd9ed8725d013184e8f6c845c7e3917bb5df52617e78a8745daee4bb2a35ea316d232ac8c5f12973cf2184fc959a402998ca4e6193b9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33063.exe

Filesize
468KB

MD5
71e8d10c53d28921f6f1d2c0684a107a

SHA1
68c1d6c0e19ebbf0b5c7e0b5f29bb7ac22be0391

SHA256
3364240364e956cb795437e04aa7e02d0ae8d91c9d74acc313e0491dff45ce70

SHA512
6303d1fffc9b781b5b74a96a21505733f2498002511b0a74f521d41a6863f01c5272e5c9aaaf29cf86ddfe744e5e381aec788a07672aabd28d2de9c3ec7a4e7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe

Filesize
468KB

MD5
5e4df48e99af5ab62f20db66393f3fdf

SHA1
baddaae37da49d7f7cf69ea58844056026c83796

SHA256
600207327efbe8ed692cde2da13fb67093cae4c72081a2feffb85dd20b356269

SHA512
61a20754e8b503837b8df410bcdc14d439423dbf32c485f7463d69ea411c97a30e5b1a3867253824e4e1339db25ecac084b28df4dd2dcd8dfe34c85c3c9b166a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe

Filesize
468KB

MD5
59aede3ab8f76d5f371c93541e41fc80

SHA1
7c738a3e5becf3a83e533db5e127b80a0e6bbb9a

SHA256
707a0beb34803c6ae2e935e69a112eb8f978507a1d56c69d03b1719253489dd3

SHA512
96fd9e34f31856cc31fff79ba1f20635acde751d88b94c4c81a71f87e33edfed036e5343bbc76d6572403388128fb43256b0f3e446a7dc10994957c644d3e4bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-477.exe

Filesize
468KB

MD5
41975cd5b8adf883b26807926fb05925

SHA1
9ad2598761e48f843574bd8400d04911fa387af8

SHA256
7a193594d2d3156912c962fdfb761c807be01814031850c808ebc2599fb36b1e

SHA512
5b248ce21eedf3966d06d4190263bcaea421bbe96a218bdbd613b8e0c00bde68f255d4a11e4a09cf1cbb42c3ee1496399d24f9042c860977f27e4e962ce879a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe

Filesize
468KB

MD5
00bad0b66d6efe3ead0802c423ccb01f

SHA1
c608f93a26ae47041e2598a624c542d7f60c79b8

SHA256
0ac4a1f88c7b2c689cb444db27bf5eb932e087b1f55307f73f38953965dd017b

SHA512
c19ce76129d90f260bd7d47f1da067adcd1d87a26c640a6e832c884a0cd12de94c05bdab79519407805e6ed0692ee3fb6060af2a95e7eaa56c0cea7208e6168c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe

Filesize
468KB

MD5
9019e9982f53c18414ebc676d53d7a49

SHA1
3862c5170fe825fdb8a3f23afbb8486cd47513d3

SHA256
5a76248c73bd85a1d8037f578a822adcc294ff638e30066b3b5f4258e600625c

SHA512
885643b659ff7edd6c2b2becd52b30290b7139b491e836d35c927216b8cc50a68d4f0d9ae232f380888ae78f235317b2e0b28e75d4196bdb68945a2f9d73550a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe

Filesize
468KB

MD5
45cbec0cb5a96d229bf10f8d84accc2e

SHA1
cdd14509ec574bcd669bab4fd50aafc7cadb4128

SHA256
132a0d943d06ae61133a7e215efc6c22d806ca493c094d1bc23f6ccefb6550b5

SHA512
cde553f1c21f9eeeac932d1e97c4aa494cb5b3c2330393fd63fd26a59b37c3d5e42321f834f6b30c0741f1a6e5f2a11de56e92d2ae2fbb609426bed58ac86a8a

Download Submit