ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8f

Analysis

max time kernel
115s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-10-2024 11:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe
Size

468KB
MD5

e23fbd29deb4dce7c2e8e62e04aaa050
SHA1

245678e0e0ed18cad6ed27f52ad19278b418d94d
SHA256

ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8f
SHA512

cda0da32edf532e8df2f5d30f440ae42aab64ebd9afa1bb2e85d6d0f888199c73ffb6397292b85e87fc6aec916298c5d377e48217bede148257182aad0d2aa91
SSDEEP

3072:5ZACogbdhZJBtUYJPzcBff8/EChXsaplnYHCxEuCdk+2A98uUVEh:5Z1oy/BtjP4BfflS5odkRE8uU

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2800	Unicorn-1677.exe
2100	Unicorn-50398.exe
2764	Unicorn-8810.exe
2720	Unicorn-45048.exe
3040	Unicorn-7907.exe
2716	Unicorn-9531.exe
1876	Unicorn-35519.exe
2900	Unicorn-36818.exe
1980	Unicorn-21036.exe
1612	Unicorn-34078.exe
564	Unicorn-42992.exe
1976	Unicorn-5489.exe
2648	Unicorn-29537.exe
1744	Unicorn-23671.exe
2120	Unicorn-64695.exe
2368	Unicorn-61358.exe
1604	Unicorn-32023.exe
540	Unicorn-47657.exe
668	Unicorn-17031.exe
904	Unicorn-13309.exe
948	Unicorn-28899.exe
1848	Unicorn-25177.exe
1688	Unicorn-45043.exe
1972	Unicorn-57295.exe
600	Unicorn-48365.exe
2328	Unicorn-2156.exe
344	Unicorn-8286.exe
996	Unicorn-24358.exe
1452	Unicorn-3875.exe
988	Unicorn-16874.exe
2440	Unicorn-48992.exe
1528	Unicorn-60787.exe
2672	Unicorn-11851.exe
2684	Unicorn-28934.exe
2260	Unicorn-48800.exe
2660	Unicorn-46754.exe
2568	Unicorn-40994.exe
1044	Unicorn-15744.exe
1784	Unicorn-51715.exe
2860	Unicorn-32957.exe
2884	Unicorn-39271.exe
3012	Unicorn-30181.exe
1156	Unicorn-39095.exe
1396	Unicorn-5484.exe
1004	Unicorn-51156.exe
1920	Unicorn-9568.exe
1160	Unicorn-4523.exe
1572	Unicorn-29989.exe
912	Unicorn-62588.exe
2952	Unicorn-1208.exe
2216	Unicorn-57815.exe
408	Unicorn-14207.exe
2212	Unicorn-31717.exe
1316	Unicorn-49869.exe
2508	Unicorn-64581.exe
1960	Unicorn-33754.exe
876	Unicorn-20019.exe
1884	Unicorn-53206.exe
2388	Unicorn-11219.exe
2832	Unicorn-48738.exe
2324	Unicorn-57653.exe
2272	Unicorn-28126.exe
2180	Unicorn-32956.exe
1016	Unicorn-65074.exe

Loads dropped DLL 64 IoCs

pid	Process
2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe
2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe
2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe
2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe
2800	Unicorn-1677.exe
2800	Unicorn-1677.exe
2764	Unicorn-8810.exe
2764	Unicorn-8810.exe
2800	Unicorn-1677.exe
2100	Unicorn-50398.exe
2100	Unicorn-50398.exe
2800	Unicorn-1677.exe
2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe
2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe
2720	Unicorn-45048.exe
2720	Unicorn-45048.exe
2764	Unicorn-8810.exe
2764	Unicorn-8810.exe
3040	Unicorn-7907.exe
3040	Unicorn-7907.exe
2100	Unicorn-50398.exe
2100	Unicorn-50398.exe
2716	Unicorn-9531.exe
2716	Unicorn-9531.exe
2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe
2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe
2800	Unicorn-1677.exe
2800	Unicorn-1677.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2900	Unicorn-36818.exe
2900	Unicorn-36818.exe
2720	Unicorn-45048.exe
2720	Unicorn-45048.exe
1980	Unicorn-21036.exe
1980	Unicorn-21036.exe
2764	Unicorn-8810.exe
2764	Unicorn-8810.exe
1612	Unicorn-34078.exe
1612	Unicorn-34078.exe
3040	Unicorn-7907.exe
3040	Unicorn-7907.exe
1976	Unicorn-5489.exe
1976	Unicorn-5489.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
2716	Unicorn-9531.exe
2716	Unicorn-9531.exe
2648	Unicorn-29537.exe
2648	Unicorn-29537.exe
564	Unicorn-42992.exe
2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe
564	Unicorn-42992.exe
2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2836	1876	WerFault.exe	36
1700	948	WerFault.exe	51

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30553.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe
2800	Unicorn-1677.exe
2764	Unicorn-8810.exe
2100	Unicorn-50398.exe
2720	Unicorn-45048.exe
3040	Unicorn-7907.exe
2716	Unicorn-9531.exe
1876	Unicorn-35519.exe
2900	Unicorn-36818.exe
1980	Unicorn-21036.exe
1612	Unicorn-34078.exe
2648	Unicorn-29537.exe
1976	Unicorn-5489.exe
564	Unicorn-42992.exe
1744	Unicorn-23671.exe
2120	Unicorn-64695.exe
1604	Unicorn-32023.exe
2368	Unicorn-61358.exe
540	Unicorn-47657.exe
668	Unicorn-17031.exe
904	Unicorn-13309.exe
948	Unicorn-28899.exe
1848	Unicorn-25177.exe
1688	Unicorn-45043.exe
1972	Unicorn-57295.exe
600	Unicorn-48365.exe
2328	Unicorn-2156.exe
344	Unicorn-8286.exe
996	Unicorn-24358.exe
1452	Unicorn-3875.exe
988	Unicorn-16874.exe
2440	Unicorn-48992.exe
1528	Unicorn-60787.exe
2672	Unicorn-11851.exe
2684	Unicorn-28934.exe
2260	Unicorn-48800.exe
2660	Unicorn-46754.exe
2568	Unicorn-40994.exe
1044	Unicorn-15744.exe
1784	Unicorn-51715.exe
2860	Unicorn-32957.exe
2884	Unicorn-39271.exe
3012	Unicorn-30181.exe
1396	Unicorn-5484.exe
1004	Unicorn-51156.exe
1156	Unicorn-39095.exe
1920	Unicorn-9568.exe
1160	Unicorn-4523.exe
1572	Unicorn-29989.exe
912	Unicorn-62588.exe
2952	Unicorn-1208.exe
2216	Unicorn-57815.exe
408	Unicorn-14207.exe
2212	Unicorn-31717.exe
1316	Unicorn-49869.exe
2508	Unicorn-64581.exe
876	Unicorn-20019.exe
1960	Unicorn-33754.exe
1884	Unicorn-53206.exe
2388	Unicorn-11219.exe
2832	Unicorn-48738.exe
2180	Unicorn-32956.exe
2272	Unicorn-28126.exe
2324	Unicorn-57653.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2800	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	30
PID 2696 wrote to memory of 2800	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	30
PID 2696 wrote to memory of 2800	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	30
PID 2696 wrote to memory of 2800	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	30
PID 2696 wrote to memory of 2100	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	31
PID 2696 wrote to memory of 2100	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	31
PID 2696 wrote to memory of 2100	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	31
PID 2696 wrote to memory of 2100	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	31
PID 2800 wrote to memory of 2764	2800	Unicorn-1677.exe	32
PID 2800 wrote to memory of 2764	2800	Unicorn-1677.exe	32
PID 2800 wrote to memory of 2764	2800	Unicorn-1677.exe	32
PID 2800 wrote to memory of 2764	2800	Unicorn-1677.exe	32
PID 2764 wrote to memory of 2720	2764	Unicorn-8810.exe	33
PID 2764 wrote to memory of 2720	2764	Unicorn-8810.exe	33
PID 2764 wrote to memory of 2720	2764	Unicorn-8810.exe	33
PID 2764 wrote to memory of 2720	2764	Unicorn-8810.exe	33
PID 2100 wrote to memory of 3040	2100	Unicorn-50398.exe	35
PID 2100 wrote to memory of 3040	2100	Unicorn-50398.exe	35
PID 2100 wrote to memory of 3040	2100	Unicorn-50398.exe	35
PID 2100 wrote to memory of 3040	2100	Unicorn-50398.exe	35
PID 2800 wrote to memory of 2716	2800	Unicorn-1677.exe	34
PID 2800 wrote to memory of 2716	2800	Unicorn-1677.exe	34
PID 2800 wrote to memory of 2716	2800	Unicorn-1677.exe	34
PID 2800 wrote to memory of 2716	2800	Unicorn-1677.exe	34
PID 2696 wrote to memory of 1876	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	36
PID 2696 wrote to memory of 1876	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	36
PID 2696 wrote to memory of 1876	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	36
PID 2696 wrote to memory of 1876	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	36
PID 2720 wrote to memory of 2900	2720	Unicorn-45048.exe	37
PID 2720 wrote to memory of 2900	2720	Unicorn-45048.exe	37
PID 2720 wrote to memory of 2900	2720	Unicorn-45048.exe	37
PID 2720 wrote to memory of 2900	2720	Unicorn-45048.exe	37
PID 2764 wrote to memory of 1980	2764	Unicorn-8810.exe	38
PID 2764 wrote to memory of 1980	2764	Unicorn-8810.exe	38
PID 2764 wrote to memory of 1980	2764	Unicorn-8810.exe	38
PID 2764 wrote to memory of 1980	2764	Unicorn-8810.exe	38
PID 3040 wrote to memory of 1612	3040	Unicorn-7907.exe	39
PID 3040 wrote to memory of 1612	3040	Unicorn-7907.exe	39
PID 3040 wrote to memory of 1612	3040	Unicorn-7907.exe	39
PID 3040 wrote to memory of 1612	3040	Unicorn-7907.exe	39
PID 2100 wrote to memory of 564	2100	Unicorn-50398.exe	40
PID 2100 wrote to memory of 564	2100	Unicorn-50398.exe	40
PID 2100 wrote to memory of 564	2100	Unicorn-50398.exe	40
PID 2100 wrote to memory of 564	2100	Unicorn-50398.exe	40
PID 2716 wrote to memory of 1976	2716	Unicorn-9531.exe	41
PID 2716 wrote to memory of 1976	2716	Unicorn-9531.exe	41
PID 2716 wrote to memory of 1976	2716	Unicorn-9531.exe	41
PID 2716 wrote to memory of 1976	2716	Unicorn-9531.exe	41
PID 1876 wrote to memory of 2836	1876	Unicorn-35519.exe	42
PID 1876 wrote to memory of 2836	1876	Unicorn-35519.exe	42
PID 1876 wrote to memory of 2836	1876	Unicorn-35519.exe	42
PID 1876 wrote to memory of 2836	1876	Unicorn-35519.exe	42
PID 2696 wrote to memory of 2648	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	43
PID 2696 wrote to memory of 2648	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	43
PID 2696 wrote to memory of 2648	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	43
PID 2696 wrote to memory of 2648	2696	ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe	43
PID 2800 wrote to memory of 1744	2800	Unicorn-1677.exe	44
PID 2800 wrote to memory of 1744	2800	Unicorn-1677.exe	44
PID 2800 wrote to memory of 1744	2800	Unicorn-1677.exe	44
PID 2800 wrote to memory of 1744	2800	Unicorn-1677.exe	44
PID 2900 wrote to memory of 2120	2900	Unicorn-36818.exe	45
PID 2900 wrote to memory of 2120	2900	Unicorn-36818.exe	45
PID 2900 wrote to memory of 2120	2900	Unicorn-36818.exe	45
PID 2900 wrote to memory of 2120	2900	Unicorn-36818.exe	45

C:\Users\Admin\AppData\Local\Temp\ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe
"C:\Users\Admin\AppData\Local\Temp\ba8fb873f7b5d964c4f6c68a9e44625eef0ca59dc65c35e1fa9c17b2530ddf8fN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64695.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3875.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31717.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        9⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12080.exe
        9⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32506.exe
        9⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
        9⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34351.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62920.exe
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49869.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        9⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35961.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        8⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34133.exe
        7⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63830.exe
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        7⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16874.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        9⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
        9⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
        8⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56818.exe
        8⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        8⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20603.exe
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37932.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        7⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33754.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
        7⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        7⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39999.exe
        6⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
        7⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        6⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11851.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
        7⤵
        Executes dropped EXE
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
        8⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29372.exe
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe
        9⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
        8⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        8⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16999.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        8⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe
        7⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        7⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50637.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
        7⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        6⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        6⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60990.exe
        6⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47887.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        7⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
        7⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
        6⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        6⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        5⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        6⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        7⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
        6⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe
        5⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        6⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49354.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27000.exe
        5⤵
        
        PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        8⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62930.exe
        7⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30553.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17255.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43817.exe
        7⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
        6⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        6⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        6⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33362.exe
        6⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63263.exe
        7⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43603.exe
        8⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
        7⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        7⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        6⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        6⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
        6⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        6⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
        5⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        6⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
        5⤵
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58620.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        5⤵
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        7⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
        7⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11109.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        6⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1964.exe
        6⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
        6⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        5⤵
        
        PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        5⤵
        
        PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60787.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
        6⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34883.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22635.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        7⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40268.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        6⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        6⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
        6⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        5⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        5⤵
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        5⤵
        
        PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
        5⤵
        
        PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34341.exe
        5⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        5⤵
        
        PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
      4⤵
      PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5865.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
      4⤵
      PID:5164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 200
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
        5⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
        6⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
        5⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        5⤵
        
        PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9817.exe
        6⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38199.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        7⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
        7⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        6⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        6⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        5⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
        6⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        5⤵
        
        PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        5⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63263.exe
        6⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        7⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
        6⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        5⤵
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32810.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
        5⤵
        
        PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8592.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32314.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        5⤵
        
        PID:5872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
      4⤵
      PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
      4⤵
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
      4⤵
      PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23671.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        6⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
        7⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31792.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
        5⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
        5⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62920.exe
        5⤵
        
        PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32978.exe
        5⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
        6⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
      4⤵
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34202.exe
        5⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        5⤵
        
        PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
      4⤵
      PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
      4⤵
      PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
      4⤵
      PID:5688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29989.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        5⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        6⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        5⤵
        
        PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
        5⤵
        
        PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
      4⤵
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        5⤵
        
        PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50823.exe
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
        5⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
        5⤵
        
        PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63761.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63830.exe
      4⤵
      PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
      4⤵
      PID:4468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57815.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
      4⤵
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe
        5⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
      4⤵
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
      4⤵
      PID:5680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
    3⤵
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
      4⤵
      PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
      4⤵
      PID:6048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30930.exe
    3⤵
    PID:4040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42829.exe
    3⤵
    PID:4308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
    3⤵
    PID:5176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7907.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17031.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53782.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30553.exe
        8⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46157.exe
        7⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        6⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe
        7⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        7⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        6⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        6⤵
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22947.exe
        6⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
        7⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25288.exe
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        8⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
        7⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        7⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
        6⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
        7⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        7⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        6⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        6⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32768.exe
        5⤵
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
        6⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
        5⤵
        
        PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58620.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        5⤵
        
        PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13309.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15744.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28126.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64789.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
        8⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        7⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        7⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        6⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48795.exe
        6⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58152.exe
        7⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
        7⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14612.exe
        6⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        5⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
        5⤵
        
        PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42106.exe
        5⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11836.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13533.exe
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
        6⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
        5⤵
        
        PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
      4⤵
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        5⤵
        
        PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
      4⤵
      PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
      4⤵
      PID:5132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57295.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
        5⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42869.exe
        6⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63936.exe
        7⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
        6⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        6⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        5⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37932.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        5⤵
        
        PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        5⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        6⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
        6⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        5⤵
        
        PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        5⤵
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3687.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        5⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
        5⤵
        
        PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
      4⤵
      PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10940.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
      4⤵
      PID:5412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9568.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        5⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        6⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        6⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        6⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6278.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        5⤵
        
        PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
      4⤵
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        5⤵
        
        PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12521.exe
      4⤵
      PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
      4⤵
      PID:5444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
        5⤵
        
        PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34272.exe
        5⤵
        
        PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
      4⤵
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
      4⤵
      PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40436.exe
    3⤵
    PID:1476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13475.exe
    3⤵
    PID:3092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
    3⤵
    PID:5532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1876
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16507.exe
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
        6⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        5⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        5⤵
        
        PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
      4⤵
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
      4⤵
      PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54553.exe
      4⤵
      PID:5536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14207.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19439.exe
      4⤵
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23591.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        5⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
      4⤵
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34803.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
      4⤵
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
      4⤵
      PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
      4⤵
      PID:4288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17200.exe
    3⤵
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
      4⤵
      PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
      4⤵
      PID:5500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
    3⤵
    PID:3536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
    3⤵
    PID:5512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48365.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48365.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17602.exe
      4⤵
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        5⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
      4⤵
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32810.exe
      4⤵
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
      4⤵
      PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65494.exe
    3⤵
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
      4⤵
      PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
      4⤵
      PID:5816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
    3⤵
    PID:4176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62920.exe
    3⤵
    PID:5672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9817.exe
    3⤵
    PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
      4⤵
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
      4⤵
      PID:5192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
    3⤵
    PID:984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
    3⤵
    PID:4200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
    3⤵
    PID:5288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
  2⤵
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
    3⤵
    PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
      4⤵
      PID:1552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
    3⤵
    PID:3980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61636.exe
    3⤵
    PID:5664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16633.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16633.exe
  2⤵
  PID:2564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
  2⤵
  PID:3316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
  2⤵
  PID:4384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe

Filesize
468KB

MD5
1856140315852adb34c131b86e323ec6

SHA1
729ea11456074ea777537e812cfff64ae311469d

SHA256
2397eff65706cda1b3bd11e9d3d8fa48c2c882ba1b1d0888b10f8952935e8bc2

SHA512
b9377fe6ec29a21a8be9a645da25a0f618c86274de7bd4233fc64869d0907e6cc7ea517ca48cd8e649c374e826c767810b93ad93e576be92b277d3d1a5e12419

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe

Filesize
468KB

MD5
03b67c28f1db8e693956f09e9455aca9

SHA1
ef59c4705461f6820cef0491ed8af1d338c611c2

SHA256
96e3c645a23b755590010cb05d63ff6593949c9203c6e01ac856732335a746b2

SHA512
73252f4e0839b2b749181fec8728cf284c1d9155a5cca6e3cf8364eddfd72534e88dbaac4df1518dee80a2bc91cf3cf780f540e76935fdfcab17e646e08ad37f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe

Filesize
468KB

MD5
77b81be3c701e815e403f88ba19b6a8f

SHA1
31a0b91059b2d8791575b6c91042bed989777d3f

SHA256
9856a5ec02b756228319958e7ce04faffc19a1a2496de637a585d10ada130445

SHA512
002b7c060ebd4e7e15198ed63ccf73671d7aebaac56e736157c40d6dc4a50881f3dbd5cf416451da9687ada49c3a83812933a3a4f7494eeaed6d2abb159cb4d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe

Filesize
468KB

MD5
30f4064861fc4d4d77daa3e9a61cca70

SHA1
265d5e68ae46256e42faa6e082843042f4f04d7c

SHA256
c9760a2cd7f1399cf6f06a21de0cbb4b027038698795420b809e0de1ca08965f

SHA512
419710b7b3e4dbf518104c8d3382d71e04e8252c00a1e6c2c01f55b09ab996da18f73b4e70165f5502d8d4fe7a69d56ce52c1e7d46b4cbcc8fff1cfecca115d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe

Filesize
468KB

MD5
d300bbcdf7395064e062f9a719e0d29b

SHA1
c84b7962410d1b9666c4017594dd5f915dc0fc67

SHA256
0901117a24f4b812ea4f930b6d29c12ea2df2cc176dd83d5054a9f71eca0dbda

SHA512
7ddd9d3b45528ff027dbb1f1c4850c6ac2489bef06594cc5ababd0f2dec6e9e44c9e577dc985feaec2fda18bc772be62a3a758162cfa314620fadf5bc2dcd403

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe

Filesize
468KB

MD5
be652797219112b2244c887a2e6ff9cd

SHA1
ae38bc26d5d255a3dc7f5f678af6e005c03375dc

SHA256
55429fcf9a210f116f50867604b4863ca81065315e042bef2e70f2ce5e92d064

SHA512
07fbf79287e40213bfbe643e44b15ca49ada372ed454f5fbfae1660d6084a0776bd7180614e78093c0a5d940d2299c9be4b1444dfba1509f4608aa65c87e2b16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23671.exe

Filesize
468KB

MD5
76ed7045db6f5b32e28272ea9fd19765

SHA1
4040428f4f1263fca677786e8fcc02a790427481

SHA256
2aeaed7badd5fdf0cdc57efbf1ac7ed30720858c48208771adab048048a48a8e

SHA512
7081f147ac616c627e684fee74f43b19e96004e146273223c6a9aa07c0612db3f27d2d883eccabecb09e0e982da9ae6d4907d5a3fa743140cd94cc309991610a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe

Filesize
468KB

MD5
b1e495c36855ed270cecb7270eedbff8

SHA1
de739f5facecf4bc7b8d2b5ba55071c76aaaec84

SHA256
dd4cb202739e3f5c2cdf9b961b8ad802aa036d68e1667bf5dd37f17b5ce56b30

SHA512
651394cd10d19d34e6e65670497e09499eb351486f645426c9fcbf72cac949daab306d5bb9d174f1ffb28bf80f4f6e3d7f5964e77ef0122068aee76a764c8d03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe

Filesize
468KB

MD5
636b550d8fbb6f66dc7a93fd27c81e67

SHA1
291c8955e8ce0b6c3936726106bffba383c8f724

SHA256
2625f63ac1495107912e3790d4f58df150aede88ce92e9c1ef3cb05d84756ff4

SHA512
d758fc1da200fec4a731124df8a6139d6ecad4bbd80a505dc0230938cb0a3d14ca63bcee8f702c9a235fd6e849e27b75538bfd6a08daa40fb9a8afa56ceb98ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe

Filesize
468KB

MD5
ae73e501c8935e6e62471ebe7493b614

SHA1
9fa16f4f492430cdc384d2b02849dcc0a4400cb5

SHA256
d275133b045a08d3d4a024c45964a488c4d460628aa95f84d5f2ec8e9abebe0c

SHA512
dc68bcaa80ea1fac7f978d44a2782a1b8aa471721205c004b334dbedbae37eca50637842f69b6d76a6f2f281cd609dd82df280d8ad1d7eaecbdfb5dd3b7daed4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe

Filesize
468KB

MD5
f19588d2a3bf5a6072a2d980d8446d23

SHA1
0b8a549e985c8f198cc8736716129874a76390d1

SHA256
93b11eaf33cf71a3a6c454845c068a589ac53140f713b9c98395b5bf864afe3a

SHA512
88974c04a16551d4b3052c3ab81c8f450b37c314dd4218073156b020f4c365df6e7e1a4aabadcdc600f027462c31bff1c035ea8e1f80d6cb2cd1edd4bef7cce0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe

Filesize
468KB

MD5
ff796b9e5182f2d229a96c41da14f578

SHA1
15d0092f3cdea268fbd245fb3aadf9fc683074bf

SHA256
55d2b57e1d97862890561c1ee5b33fdaa366a3a7ae315279253c8049f961b6f8

SHA512
5acb3ab942df70fc837f8e32853d44c224e0258f483f876034bacbeedf1e28a801499fddb9f5f847a4b5736abc1ef560452bceb65f9cd52be777bbdd8cba8cb7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe

Filesize
468KB

MD5
330cfd5cb71966208576e74c7302c6ef

SHA1
bdc3d8472c8273a165d5b7a01f4a308a1cbe3b4a

SHA256
938aa8c83dc7614d8fef7d997950fe5015fe1087a98eb09ebded3f938c8029cd

SHA512
c2c82d6d605f280fe888c8b21658df32663bfa7db11065050b53028fac1e6ed5ee5cc607e5a8fa96d4d1c6be11a33945c9aee8d60e0449492cded37cc0219906

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe

Filesize
468KB

MD5
45172e07a5fea38bf2c35df5f18e4222

SHA1
5c2da13bec782038c7506bb776e947755b17c250

SHA256
e205d5210f8bae1df5cd252a60f9220a39f65347a711a6923b58b1c734949674

SHA512
e52d1a1c527734a2b8f6bfe117085aec5d2b5c9907d5af8e1af9ff9389880ecd8228a5fc892abd5b739b7f33098da3da4ead8a3470d0792d0d45a9883ad6830a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe

Filesize
468KB

MD5
ba7b564b66c6c96ffb30dcd285bf4144

SHA1
aea19ad951483e674ca85fbfb86c66b90fd3c314

SHA256
27c748ccaf221c0bc327c9075eed12dc1ff21272a82f9c5eb4486ef64fce33ad

SHA512
460f823965810b06885286094c6a23018e0ef899b486d4b33f73be0168ae3d9a0f7509f674b170f9dca5ac5d69c3ad1c2f4452458597aa2cafaf2b070780be54

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe

Filesize
468KB

MD5
c081de6b0d887a74af5d5743cace7aca

SHA1
20253f06dd4c573e3499b006f20d77973d084809

SHA256
11e7fd813297c15837d99b9ff7d95b406ba6b85d6fc1ddc61cd36aca08029eb9

SHA512
1373c17e5d0b1329b4b9c1e39ddeea9d5f35bb5116e0f661d6b05d3fa6feb8475803091643f6f4217927618ec2981af9cf5b211b6d5164c5e385530a8340d29c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64695.exe

Filesize
468KB

MD5
8debb7b79d9e0c278607d25db9a14358

SHA1
08b3c7f1377c80d52186f58c764b1136f0962446

SHA256
02e6472ee89d0a8eaf243762875d946d573e46e19f790ae6da936aaeabfd3f04

SHA512
f38d72339ff02b9ba47e6461c43f16986a371c54199de581758b93e0af71ce8a19f6b6f5e30826b376262a1471451eb4349a0d08b0d4603618741a48b714b8ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7907.exe

Filesize
468KB

MD5
8f20775028e81bc254e7787aa4ee0f56

SHA1
facf06b6d0121cd781e70b0a5f92e693c95e34f0

SHA256
3796bd0036b627a537215d12d972b3bdc1bf6e971781bd0b8e62b12bc5a9a401

SHA512
60ac60c1d8a7425c27bfe7085037f1803d4226d9a92b2e312187ce66762a513a381b77881977aee4e135dde7b357f0d2beafd3f05daeee7711abc01541f7d708

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe

Filesize
468KB

MD5
eeae13a8cbc4b6186fa6323e8032422e

SHA1
db3c5952ad684b7cc22311f67956a7637fd696d2

SHA256
eb652a580b2f8c697882064ef2f028a0f1bfc4db137ee3013f08a9b172afa887

SHA512
58272cb2e537ca9f5248204a61b22e2d5fec1df2baf530aa2a456430c4258ca27faefeb385d09b5e9030ee03c5233a67122a7ca552e47543459b62a4c67f115e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe

Filesize
468KB

MD5
8489b066f891fa51f144a9a2fb45fd14

SHA1
3195a66ed9bd86f7954307b7ed9de0c3b7136ca4

SHA256
4ee396831c04229b51f7aad6772b1a39407b145fd47431f6d0a927efcbf6cd92

SHA512
8d39bc5b85f25b106c022c6f48610ef77f7b90bc6f83944fd9f476b2088f3889a7e2b910c5ecaeeaa338a6dde540ab96513d1d25ec92b6e844d1ee7ac3f3038e

Download Submit