8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
31-10-2024 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe
Size

468KB
MD5

0319c634afe2a00eff6f8f0daceb8050
SHA1

101c99e76765a20d97accca773a14341995110e3
SHA256

8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6
SHA512

05f2d8ea62d108af82b3db1d297c031cf9581f47f8671e1b35b1808bc1cdda4b7cd94345f5f3ab1cb22c6e017aad839d56f19c550f5c8549d18b475f7a67bf99
SSDEEP

3072:4beTogxaId57tbYZPzcfmbfD/n2DnsIH/QmyeQVqPuhKkLiJuxilQ:4b6oCb7tCP4fmbfra1/uhD2Jux

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2304	Unicorn-35650.exe
2336	Unicorn-13400.exe
1028	Unicorn-9871.exe
2368	Unicorn-57972.exe
2748	Unicorn-62803.exe
2900	Unicorn-16255.exe
2824	Unicorn-26652.exe
2716	Unicorn-32202.exe
2584	Unicorn-22424.exe
2596	Unicorn-50458.exe
2384	Unicorn-17786.exe
1848	Unicorn-63649.exe
1148	Unicorn-17978.exe
1428	Unicorn-17712.exe
980	Unicorn-11847.exe
2956	Unicorn-27729.exe
2408	Unicorn-20774.exe
2396	Unicorn-4376.exe
2328	Unicorn-28881.exe
2532	Unicorn-33903.exe
1788	Unicorn-53769.exe
1128	Unicorn-44839.exe
608	Unicorn-32062.exe
1248	Unicorn-25931.exe
1668	Unicorn-32062.exe
300	Unicorn-32062.exe
1772	Unicorn-28724.exe
1536	Unicorn-42460.exe
2024	Unicorn-40157.exe
340	Unicorn-6872.exe
2448	Unicorn-44376.exe
872	Unicorn-3494.exe
2268	Unicorn-41189.exe
1580	Unicorn-11854.exe
2500	Unicorn-30612.exe
2376	Unicorn-28684.exe
1672	Unicorn-53380.exe
2344	Unicorn-59747.exe
2412	Unicorn-43795.exe
2692	Unicorn-13499.exe
2768	Unicorn-5258.exe
1980	Unicorn-5523.exe
2868	Unicorn-28610.exe
2608	Unicorn-42346.exe
2724	Unicorn-48476.exe
3000	Unicorn-25787.exe
668	Unicorn-61989.exe
2836	Unicorn-12410.exe
1572	Unicorn-27203.exe
3052	Unicorn-61029.exe
1676	Unicorn-28357.exe
1092	Unicorn-1584.exe
3016	Unicorn-48393.exe
2984	Unicorn-2721.exe
1512	Unicorn-2721.exe
2156	Unicorn-56945.exe
2244	Unicorn-5143.exe
2044	Unicorn-27610.exe
2248	Unicorn-11465.exe
1356	Unicorn-61360.exe
1736	Unicorn-59057.exe
1704	Unicorn-26650.exe
1620	Unicorn-15336.exe
2256	Unicorn-35202.exe

Loads dropped DLL 64 IoCs

pid	Process
1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe
1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe
2304	Unicorn-35650.exe
2304	Unicorn-35650.exe
1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe
1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe
2336	Unicorn-13400.exe
2336	Unicorn-13400.exe
2304	Unicorn-35650.exe
2304	Unicorn-35650.exe
1028	Unicorn-9871.exe
1028	Unicorn-9871.exe
1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe
1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe
2368	Unicorn-57972.exe
2368	Unicorn-57972.exe
2336	Unicorn-13400.exe
2336	Unicorn-13400.exe
2824	Unicorn-26652.exe
2824	Unicorn-26652.exe
2748	Unicorn-62803.exe
2748	Unicorn-62803.exe
1028	Unicorn-9871.exe
2900	Unicorn-16255.exe
2900	Unicorn-16255.exe
1028	Unicorn-9871.exe
1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe
2304	Unicorn-35650.exe
1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe
2304	Unicorn-35650.exe
2716	Unicorn-32202.exe
2716	Unicorn-32202.exe
2368	Unicorn-57972.exe
2368	Unicorn-57972.exe
1428	Unicorn-17712.exe
1428	Unicorn-17712.exe
1148	Unicorn-17978.exe
1148	Unicorn-17978.exe
2900	Unicorn-16255.exe
2900	Unicorn-16255.exe
2584	Unicorn-22424.exe
1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe
2584	Unicorn-22424.exe
1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe
2336	Unicorn-13400.exe
1848	Unicorn-63649.exe
2596	Unicorn-50458.exe
980	Unicorn-11847.exe
2336	Unicorn-13400.exe
980	Unicorn-11847.exe
2596	Unicorn-50458.exe
1848	Unicorn-63649.exe
2824	Unicorn-26652.exe
1028	Unicorn-9871.exe
2824	Unicorn-26652.exe
1028	Unicorn-9871.exe
2304	Unicorn-35650.exe
2304	Unicorn-35650.exe
2384	Unicorn-17786.exe
2384	Unicorn-17786.exe
2748	Unicorn-62803.exe
2748	Unicorn-62803.exe
2956	Unicorn-27729.exe
2956	Unicorn-27729.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1688	1848	WerFault.exe	42
4056	3016	WerFault.exe	85
4884	2308	WerFault.exe	99

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32220.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe
2304	Unicorn-35650.exe
2336	Unicorn-13400.exe
1028	Unicorn-9871.exe
2368	Unicorn-57972.exe
2748	Unicorn-62803.exe
2824	Unicorn-26652.exe
2900	Unicorn-16255.exe
2716	Unicorn-32202.exe
2596	Unicorn-50458.exe
2584	Unicorn-22424.exe
1148	Unicorn-17978.exe
1848	Unicorn-63649.exe
1428	Unicorn-17712.exe
980	Unicorn-11847.exe
2384	Unicorn-17786.exe
2956	Unicorn-27729.exe
2408	Unicorn-20774.exe
2396	Unicorn-4376.exe
2328	Unicorn-28881.exe
2532	Unicorn-33903.exe
1128	Unicorn-44839.exe
1788	Unicorn-53769.exe
1668	Unicorn-32062.exe
608	Unicorn-32062.exe
1248	Unicorn-25931.exe
300	Unicorn-32062.exe
1772	Unicorn-28724.exe
1536	Unicorn-42460.exe
2024	Unicorn-40157.exe
340	Unicorn-6872.exe
2448	Unicorn-44376.exe
872	Unicorn-3494.exe
1580	Unicorn-11854.exe
2500	Unicorn-30612.exe
2268	Unicorn-41189.exe
2376	Unicorn-28684.exe
2344	Unicorn-59747.exe
1672	Unicorn-53380.exe
2412	Unicorn-43795.exe
2692	Unicorn-13499.exe
1980	Unicorn-5523.exe
2768	Unicorn-5258.exe
2868	Unicorn-28610.exe
2724	Unicorn-48476.exe
2608	Unicorn-42346.exe
668	Unicorn-61989.exe
3000	Unicorn-25787.exe
2836	Unicorn-12410.exe
1572	Unicorn-27203.exe
3052	Unicorn-61029.exe
1676	Unicorn-28357.exe
1092	Unicorn-1584.exe
2984	Unicorn-2721.exe
1512	Unicorn-2721.exe
3016	Unicorn-48393.exe
2156	Unicorn-56945.exe
2044	Unicorn-27610.exe
2248	Unicorn-11465.exe
2244	Unicorn-5143.exe
1356	Unicorn-61360.exe
1704	Unicorn-26650.exe
1736	Unicorn-59057.exe
2256	Unicorn-35202.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 2304	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	30
PID 1540 wrote to memory of 2304	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	30
PID 1540 wrote to memory of 2304	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	30
PID 1540 wrote to memory of 2304	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	30
PID 2304 wrote to memory of 2336	2304	Unicorn-35650.exe	31
PID 2304 wrote to memory of 2336	2304	Unicorn-35650.exe	31
PID 2304 wrote to memory of 2336	2304	Unicorn-35650.exe	31
PID 2304 wrote to memory of 2336	2304	Unicorn-35650.exe	31
PID 1540 wrote to memory of 1028	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	32
PID 1540 wrote to memory of 1028	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	32
PID 1540 wrote to memory of 1028	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	32
PID 1540 wrote to memory of 1028	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	32
PID 2336 wrote to memory of 2368	2336	Unicorn-13400.exe	33
PID 2336 wrote to memory of 2368	2336	Unicorn-13400.exe	33
PID 2336 wrote to memory of 2368	2336	Unicorn-13400.exe	33
PID 2336 wrote to memory of 2368	2336	Unicorn-13400.exe	33
PID 2304 wrote to memory of 2748	2304	Unicorn-35650.exe	34
PID 2304 wrote to memory of 2748	2304	Unicorn-35650.exe	34
PID 2304 wrote to memory of 2748	2304	Unicorn-35650.exe	34
PID 2304 wrote to memory of 2748	2304	Unicorn-35650.exe	34
PID 1028 wrote to memory of 2900	1028	Unicorn-9871.exe	35
PID 1028 wrote to memory of 2900	1028	Unicorn-9871.exe	35
PID 1028 wrote to memory of 2900	1028	Unicorn-9871.exe	35
PID 1028 wrote to memory of 2900	1028	Unicorn-9871.exe	35
PID 1540 wrote to memory of 2824	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	36
PID 1540 wrote to memory of 2824	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	36
PID 1540 wrote to memory of 2824	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	36
PID 1540 wrote to memory of 2824	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	36
PID 2368 wrote to memory of 2716	2368	Unicorn-57972.exe	37
PID 2368 wrote to memory of 2716	2368	Unicorn-57972.exe	37
PID 2368 wrote to memory of 2716	2368	Unicorn-57972.exe	37
PID 2368 wrote to memory of 2716	2368	Unicorn-57972.exe	37
PID 2336 wrote to memory of 2584	2336	Unicorn-13400.exe	38
PID 2336 wrote to memory of 2584	2336	Unicorn-13400.exe	38
PID 2336 wrote to memory of 2584	2336	Unicorn-13400.exe	38
PID 2336 wrote to memory of 2584	2336	Unicorn-13400.exe	38
PID 2824 wrote to memory of 2596	2824	Unicorn-26652.exe	39
PID 2824 wrote to memory of 2596	2824	Unicorn-26652.exe	39
PID 2824 wrote to memory of 2596	2824	Unicorn-26652.exe	39
PID 2824 wrote to memory of 2596	2824	Unicorn-26652.exe	39
PID 2748 wrote to memory of 2384	2748	Unicorn-62803.exe	40
PID 2748 wrote to memory of 2384	2748	Unicorn-62803.exe	40
PID 2748 wrote to memory of 2384	2748	Unicorn-62803.exe	40
PID 2748 wrote to memory of 2384	2748	Unicorn-62803.exe	40
PID 2900 wrote to memory of 1148	2900	Unicorn-16255.exe	41
PID 2900 wrote to memory of 1148	2900	Unicorn-16255.exe	41
PID 2900 wrote to memory of 1148	2900	Unicorn-16255.exe	41
PID 2900 wrote to memory of 1148	2900	Unicorn-16255.exe	41
PID 1028 wrote to memory of 1848	1028	Unicorn-9871.exe	42
PID 1028 wrote to memory of 1848	1028	Unicorn-9871.exe	42
PID 1028 wrote to memory of 1848	1028	Unicorn-9871.exe	42
PID 1028 wrote to memory of 1848	1028	Unicorn-9871.exe	42
PID 1540 wrote to memory of 1428	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	43
PID 1540 wrote to memory of 1428	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	43
PID 1540 wrote to memory of 1428	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	43
PID 1540 wrote to memory of 1428	1540	8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe	43
PID 2304 wrote to memory of 980	2304	Unicorn-35650.exe	44
PID 2304 wrote to memory of 980	2304	Unicorn-35650.exe	44
PID 2304 wrote to memory of 980	2304	Unicorn-35650.exe	44
PID 2304 wrote to memory of 980	2304	Unicorn-35650.exe	44
PID 2716 wrote to memory of 2956	2716	Unicorn-32202.exe	46
PID 2716 wrote to memory of 2956	2716	Unicorn-32202.exe	46
PID 2716 wrote to memory of 2956	2716	Unicorn-32202.exe	46
PID 2716 wrote to memory of 2956	2716	Unicorn-32202.exe	46

C:\Users\Admin\AppData\Local\Temp\8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe
"C:\Users\Admin\AppData\Local\Temp\8e6a7e3332386f59a0b799390bbd72453ba68f393bf8f7b5726cb90d0855b0d6N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13400.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51014.exe
        9⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
        9⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        8⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        8⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        8⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15336.exe
        7⤵
        Executes dropped EXE
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        8⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        7⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        7⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        7⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41189.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37314.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10594.exe
        8⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35625.exe
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        7⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        7⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        7⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        7⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        7⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4111.exe
        7⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        6⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8490.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
        7⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        7⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54755.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44356.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        6⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11854.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59187.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        8⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 220
        7⤵
        Program crash
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
        6⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        7⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        7⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        6⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37669.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        6⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
        5⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
        6⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
        6⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
        5⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38219.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
        5⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        5⤵
        
        PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61029.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        7⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        7⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        6⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        6⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48051.exe
        6⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        6⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37566.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35625.exe
        6⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40079.exe
        5⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        5⤵
        
        PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
        6⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19003.exe
        6⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        5⤵
        
        PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        5⤵
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46980.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        5⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        5⤵
        
        PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
      4⤵
      PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21896.exe
      4⤵
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
      4⤵
      PID:5176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        6⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        7⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
        6⤵
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        6⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        6⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        6⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        6⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
        5⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54755.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        5⤵
        
        PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44376.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        6⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        6⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        5⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18369.exe
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5063.exe
        5⤵
        
        PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33173.exe
      4⤵
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
      4⤵
      PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
      4⤵
      PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
      4⤵
      PID:5992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        6⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        6⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        6⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62223.exe
        5⤵
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
        5⤵
        
        PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25787.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        5⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        5⤵
        
        PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
      4⤵
      PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54755.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
      4⤵
      PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15981.exe
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        5⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10509.exe
        5⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        5⤵
        
        PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
      4⤵
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        5⤵
        
        PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
      4⤵
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
      4⤵
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
      4⤵
      PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
      4⤵
      PID:5244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12410.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65139.exe
      4⤵
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3849.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        5⤵
        
        PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
      4⤵
      PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
      4⤵
      PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
      4⤵
      PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
    3⤵
    PID:2436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
    3⤵
    PID:3824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62756.exe
    3⤵
    PID:3236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45664.exe
    3⤵
    PID:4844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19003.exe
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        7⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        7⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        7⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        6⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        7⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        6⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        6⤵
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        6⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35625.exe
        6⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
        5⤵
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30584.exe
        5⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55023.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33903.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
        6⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61012.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56855.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50313.exe
        6⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
        5⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
        5⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19003.exe
        5⤵
        
        PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61360.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5792.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45484.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5063.exe
        5⤵
        
        PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33557.exe
      4⤵
      PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33903.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24084.exe
      4⤵
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5063.exe
        7⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
        6⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
        5⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
        5⤵
        
        PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
        5⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        5⤵
        
        PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48393.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        5⤵
        
        PID:3244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
        5⤵
        Program crash
        
        PID:4056
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
      4⤵
      Program crash
      PID:1688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13499.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        6⤵
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        6⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
        5⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        5⤵
        
        PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
      4⤵
      PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
      4⤵
      PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
      4⤵
      PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
      4⤵
      PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
      4⤵
      PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5258.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
      4⤵
      PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
      4⤵
      PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26278.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
      4⤵
      PID:5236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64337.exe
    3⤵
    PID:2348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55285.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
    3⤵
    PID:5016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        6⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62013.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        6⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        5⤵
        
        PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56945.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        5⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
        6⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24384.exe
        6⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        5⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        5⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        5⤵
        
        PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37152.exe
      4⤵
      PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54883.exe
      4⤵
      PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
      4⤵
      PID:5284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5523.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        5⤵
        
        PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
        5⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        5⤵
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
      4⤵
      PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
      4⤵
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24841.exe
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
      4⤵
      PID:5384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
      4⤵
      PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
      4⤵
      PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
      4⤵
      PID:4956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63375.exe
    3⤵
    PID:292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
    3⤵
    PID:3600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
    3⤵
    PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
    3⤵
    PID:5512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28684.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44496.exe
        5⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        6⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        6⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        5⤵
        
        PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        5⤵
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-508.exe
        5⤵
        
        PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
      4⤵
      PID:480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
      4⤵
      PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
      4⤵
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
        5⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34856.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
      4⤵
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
      4⤵
      PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
      4⤵
      PID:5580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
      4⤵
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
        5⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
        6⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
        5⤵
        
        PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
        5⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18369.exe
        5⤵
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
      4⤵
      PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
      4⤵
      PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
      4⤵
      PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
      4⤵
      PID:5048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
    3⤵
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe
      4⤵
      PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
      4⤵
      PID:5924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
    3⤵
    PID:2772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54755.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
    3⤵
    PID:4612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
    3⤵
    PID:5540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57002.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
      4⤵
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
      4⤵
      PID:5212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
    3⤵
    PID:2232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
    3⤵
    PID:3940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
    3⤵
    PID:4228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35854.exe
    3⤵
    PID:5096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
    3⤵
    PID:5976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
    3⤵
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
      4⤵
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
      4⤵
      PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40613.exe
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19584.exe
    3⤵
    PID:348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
    3⤵
    PID:4076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
    3⤵
    PID:4772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
    3⤵
    PID:5268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
  2⤵
  PID:2112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9525.exe
    3⤵
    PID:6104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
  2⤵
  PID:1548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
  2⤵
  PID:3740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
  2⤵
  PID:4436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
  2⤵
  PID:5220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe

Filesize
468KB

MD5
1403261548031fd23e8199c318cc115a

SHA1
a34579e77613bd7d3cd0a1980b8bb4b3efa07fd4

SHA256
e0561c272e5c87808311cb1665fd883393903b357f0645e1ccf16c9ee15de226

SHA512
87094e73c19c2d03ca0e365e8fe84f102100e73da3a0f979f75347467770fc82fc52a8f877ac965f2d9389df77ae78324616c79700393c8859dd6475e2503022

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe

Filesize
468KB

MD5
6f5ad9ebc83da411adbbf9e09c26e12a

SHA1
68ef77741aa6956a355172ef787a7a856b39d268

SHA256
a5da618241da49b742e7299562b0970184036145f03d90460286d7fddad56d87

SHA512
0994230b0771adf22c30db35d2ccdf2428d35fc053aa7b5345ce22c9c8b6cbd1fe2a86905a001c6f9c50a2731a7ee72959330597719173eae38d3dfb499e66ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe

Filesize
468KB

MD5
676ff92514c5300e38a8a64ace36400a

SHA1
4a9fffd8fa3b38d24b7c859fe111c2a3723746a9

SHA256
3d5f8c6bbe939d661cfe142ca0f211f646a43b68330aa8cd094cf0237686f28c

SHA512
737ab519094fe9f7b89663d78379caf6746d98ce6ab4526a49cfc9bdf37a279fc39f5136710f4207989082bbf00b33700fbf0962be38baef743d9e4e7a0822cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe

Filesize
468KB

MD5
08a27f0eb84a702c7e3f1f2d28b80b69

SHA1
b08b5a27a59a07fb719a140113ace753cfe125db

SHA256
de8c531faeb244829766b166f8019c4f8d486e23ae45394c9b2eaf157c8d07f5

SHA512
260659328f930b13201766b8199f09ba3e4228c8d14b835847aa7cd3c54f99672893e71bc57aeddc8df6de1512629eefacf11ec04918d4ea9b8dcc8f2eda8d7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe

Filesize
468KB

MD5
09295989f015742fae46ed969598a0dd

SHA1
49ec13d18f84778b03cbd2427dfbe9cb0d168f0d

SHA256
3ae749f9d82e4a74060963d57b19983c8545fc5501db9b681fc533a5ac0a9f36

SHA512
c2352ff366bc221303f59b042f1bac7538cb7b083ba2c89079006a1c60a232f68dd94917faedea7ee6d4abf38fa19e12958fd10f0ec3b81e8bcaa6491cf46251

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5523.exe

Filesize
468KB

MD5
96f45144c0f3ea243beaf25f5e5fdce0

SHA1
d9ed37af9abe36d2392d6634fff9fdb0fa121139

SHA256
b748b322ed8d501b911837cae5a0ad97913df4684da233975c2e327f6f1d246f

SHA512
c4f147ffb9d67578655b8907e2c05fb2a5ec281ea194df647f5eae32af8501f3a635b4cc2773dff44875bc56ecadd93503a32875765fb505508701c4238ec44e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe

Filesize
468KB

MD5
5762cd3bb254efebed9b23d3e53ecbf3

SHA1
1a449729e32692af60a59dda8ad992f8635be047

SHA256
d7b9075c4fb0c94542de608395fb59ab6c3d23b48b1ef18a5f1f2d1c7ec54bd9

SHA512
bf36952990360ed9c2c8d257f36b980dbf8f779a29feddfa37f1d57d72732245c636d5996f76dcc18aaf44ac5c62fc7560e0f6f0690827cfed53e8a970c08621

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe

Filesize
468KB

MD5
849022e0b9d7a94f6b79a5a1c67771c8

SHA1
f2a1e8e991d7bac790bc554fa58175aeca39b3af

SHA256
1fbe2a164c6c2087fb23f45388155c4b01efce092e7f66799976634e0528e3df

SHA512
b8300cff9bfdbcedaaff3b9dfe063b7d139f853d9e29704503aad9800f3f4d424c49337ee881e9dc2a089b09f1cc364eab239812133595c6ac4763ee214685db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13400.exe

Filesize
468KB

MD5
dd51fe015f7a20f3b349880d5e774b95

SHA1
63f9b1f445e96e142681187106414e5ba0ca355d

SHA256
c202c716a30609c0b0fad4450b16fa15aa22050715553d627099e136036c88f0

SHA512
6f6e5dfcbf040bf0c148441d9ac8d7c69aa6e3439f3d21c5e958377d791738624cce7baef78ddb0248c7660a8729ae95129107d3999cbd751158a2ece2aeb43c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe

Filesize
468KB

MD5
077b9a27b22448dd18345f074ac3e70e

SHA1
85a45dc11c900474657d1a61aaa968a543d8d9ec

SHA256
5847cfc05e2e10a7d1530f567dc5d50fab634a940a938d82c83fcad3914fe591

SHA512
7df9a01f504872bb9534e77f59b4a4b9fc9d386c3d08395a8a46bdd2e80bff09f18f98df6c8a7c83708a66edff34626d58d26621510dbc8b62ac8f41eb59f741

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe

Filesize
468KB

MD5
c26f74dea8d2af5a921eb33fe0e60226

SHA1
5f3c420ea3b0ba8742e0486dab6fce605e9beb09

SHA256
1843082fc858c8203bd754c8623964ef959d58af0191958c034e4fd972814711

SHA512
e5c34e4977c654a25757a9dc6b600e774c382f17074af83c769b3c2bf3617c6f759553d7df19a948a341a9655099e83b14230ad9e5a359d359fe0cc5eb37a404

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe

Filesize
468KB

MD5
94345b9673412c07a0b2e12caa75e974

SHA1
a0929e6ccc961940d9bfb30ec2a401ce8a179521

SHA256
5dc10ab1255fa1088529605156c348785d0ce17385f31d25d558df5e8bab0683

SHA512
27e8350f98029a2523013aedf4eaeda5ea2241b2dda7f832db83261af7ebbcff78e16ec80f6f62bb9a1943e02d8de1e3840a9d2eab3f3050c893247085cf07ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe

Filesize
468KB

MD5
050f36e86a7cc3150581dfaef118cf09

SHA1
b9927f8c7d3e6102bba2d81d86fa2e32625ac8be

SHA256
e394a68a70ac05ce6b7e7d1869673295731155f04bb87153e8d175fd303e0b8a

SHA512
6892d9d6cb190ae131e0a15477a854e4ce1e4052edb1152b0432e972825ac02282af9bda2ca4ab2737a2cd266ef5d89fcf1b734e1ba96a80854357159f495de3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe

Filesize
468KB

MD5
67250932598dbe5d5335e50a49a84b06

SHA1
bc94cd7f1f038590e1bbdd1824e54a39ffb8164d

SHA256
77c29a675316a61812739cb2c05420744bec00aeb5f9e90fa7d39787ff990f7b

SHA512
3795aa53c44945556e12c16baf7d11d128c71cec1539ae8dc2b0858eb49a430970346aedaf625e75ba6ac3fadca56ffbe0bf8a5932c4834c833c86c7a3a5c7ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe

Filesize
468KB

MD5
7645201eb108d046e3096d088a2d33e8

SHA1
4bbaea518a197f25fc599dba0eca99859259e9ab

SHA256
275d05e6bcb000291d9656cc104ac5f2867784865898edca5ed3d68713843064

SHA512
1e05c78619d76ddad2eb3c9faccb3e77a65a236134b641166f91f496b463eb1631098f5b3ca8cbf11dc68ae1243d100def42bcc79b2582b046bac8bf2631e4b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe

Filesize
468KB

MD5
d6de3df7233af950a8cefe1dbb165e4e

SHA1
d26734f80cd3ff5a39b7600fa44eb27465b52ce0

SHA256
88085b4f2eb662a0fa76434bf69e47b9bb88b05dd0c717f67adeb9a734538e6d

SHA512
f656db407f076d2a27b03afaa47a148718920480312a3ae1e9b7dbaead174a1fd2ce72f0795c0367d208ad469a7ef93295ac7bde6a1da1083e512aa50a361c8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe

Filesize
468KB

MD5
157174df658c5c046efb7844d63fef41

SHA1
6e62af41f72dc73563bddbcdbe67f3b986db5986

SHA256
1b9df0028d7e1452abcfe8d76a708f1fef3d10346f660843fc48adb58efe5bbc

SHA512
83f1856e3f49d2f831605e28a44dbfddee113371569e0cf385aa5d19f16980c6a34d21b0247bceaa0e8ecea2504534736a45bc653580782b8bdaf75f2aa8c69d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe

Filesize
468KB

MD5
8e4d9e5556eaca5f58e2d16a9a61a54c

SHA1
41385fbeed2df6d0e1bc8da0c5af29122945b6e6

SHA256
42452dc4ba290bbeadedaadf9b055912a7c317da7ac477882245fd4d634ea152

SHA512
47e95b229d03b0236ee5ad84fd1ee1fa1fe598972666a417d4b3dab83ccc2ee58ca94a3bb7a3fc3c8eb4b2a1382772f01190bcd060c57835d090ba8a7409c40c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe

Filesize
468KB

MD5
2d83f7820b372731920c09a6e2589a71

SHA1
d5b3867adeef1b80c5702ba4757be0ecb0a68760

SHA256
1084086a597a1bf24f8d54a632980cdaa2ec72b4aeffa1d2a7272e68059dfd5f

SHA512
14ab4fb862749ecad5cecc49965314c9fb970c8f116a7a6806446bc6a6ed327f0c13e81fad56422b8426e4ba148d9b1719139a74f9d2b9643a3071ff74d7b0d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe

Filesize
468KB

MD5
745500e421b5bd886779759e0967d15d

SHA1
aa52829532225a44cd86da44eb459d4a67095036

SHA256
3f03c35cebe7c2bff61612cd68d265c7288829c13c372b044dfd3681e19e5dd6

SHA512
61d912fe0700febebf889ddd78f857f567cedfca70aa16680570a2706d6cd0affef1e3c678e44f3dd86eff54c3625677d00c93028354e4d6a9b3152459a97c26

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe

Filesize
468KB

MD5
dd15ec135f5103b91f15d295f81a7661

SHA1
7c8d7fa839607ebe00afbfc6389d1181f441544c

SHA256
287ede03a7249957b8ec53474dd240ca498b4f2dfeda7b32555fde0b68c6901d

SHA512
e2133b03a3022fe95be8b63d618c6902017635192489006614e6ca4bcc7bfb2815e073d4fcaf1e06ea1200ddb9f763ad109ad8e3439ec6f33e4dfc23f86a366f

Download Submit