ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640

Analysis

max time kernel
114s
max time network
17s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe
Size

468KB
MD5

d08ceb222874a541980c984f4afeff22
SHA1

5ec760cc5136499d74a4ddf08602d935787f849c
SHA256

ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640
SHA512

2fe34a741b0ada227442d7ac4398044525a958bd786c51529f579c640b4ac28a70c28a0e9c71183cdd6ac5b8e04da38f2ac360539afffc440fb4613404511b48
SSDEEP

3072:4bmlogxaIU57tbnTPzcfmbfD/n2DnsIH9QmyeQVqxu5Kkkh3ux2lj0:4bAoCc7tXP4fmbfra7Bu5D83uxr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2420	Unicorn-35398.exe
2584	Unicorn-51578.exe
2384	Unicorn-9990.exe
2996	Unicorn-14204.exe
2984	Unicorn-18097.exe
2716	Unicorn-65251.exe
2700	Unicorn-2315.exe
868	Unicorn-26300.exe
2764	Unicorn-54334.exe
784	Unicorn-26898.exe
2952	Unicorn-59305.exe
1420	Unicorn-55486.exe
2144	Unicorn-14453.exe
1960	Unicorn-60125.exe
2960	Unicorn-8323.exe
2932	Unicorn-63099.exe
296	Unicorn-46571.exe
1088	Unicorn-26705.exe
796	Unicorn-3492.exe
1800	Unicorn-22752.exe
940	Unicorn-32072.exe
1348	Unicorn-25881.exe
1900	Unicorn-57323.exe
2976	Unicorn-64744.exe
736	Unicorn-38194.exe
1560	Unicorn-44324.exe
2356	Unicorn-40240.exe
2064	Unicorn-57131.exe
968	Unicorn-52035.exe
2204	Unicorn-28350.exe
1648	Unicorn-34293.exe
1596	Unicorn-62881.exe
2212	Unicorn-43015.exe
2452	Unicorn-40223.exe
2352	Unicorn-46353.exe
2556	Unicorn-21583.exe
2304	Unicorn-21849.exe
2572	Unicorn-17573.exe
2844	Unicorn-34655.exe
2824	Unicorn-11495.exe
2692	Unicorn-23555.exe
2712	Unicorn-6472.exe
1524	Unicorn-43229.exe
1476	Unicorn-62880.exe
2876	Unicorn-53435.exe
1144	Unicorn-59565.exe
744	Unicorn-59373.exe
2372	Unicorn-39507.exe
2936	Unicorn-59373.exe
1828	Unicorn-29668.exe
2916	Unicorn-4095.exe
1384	Unicorn-60717.exe
1760	Unicorn-8501.exe
2940	Unicorn-27588.exe
2272	Unicorn-22599.exe
1032	Unicorn-65486.exe
1832	Unicorn-45621.exe
1092	Unicorn-19607.exe
292	Unicorn-28538.exe
1704	Unicorn-50996.exe
1544	Unicorn-12969.exe
756	Unicorn-42112.exe
108	Unicorn-41558.exe
772	Unicorn-27120.exe

Loads dropped DLL 64 IoCs

pid	Process
1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe
1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe
1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe
2420	Unicorn-35398.exe
1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe
2420	Unicorn-35398.exe
2384	Unicorn-9990.exe
2384	Unicorn-9990.exe
2420	Unicorn-35398.exe
2584	Unicorn-51578.exe
2584	Unicorn-51578.exe
1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe
1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe
2420	Unicorn-35398.exe
2996	Unicorn-14204.exe
2384	Unicorn-9990.exe
2996	Unicorn-14204.exe
2384	Unicorn-9990.exe
2716	Unicorn-65251.exe
2716	Unicorn-65251.exe
1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe
1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe
2984	Unicorn-18097.exe
2984	Unicorn-18097.exe
2584	Unicorn-51578.exe
2700	Unicorn-2315.exe
2584	Unicorn-51578.exe
2700	Unicorn-2315.exe
2420	Unicorn-35398.exe
2420	Unicorn-35398.exe
2764	Unicorn-54334.exe
2764	Unicorn-54334.exe
868	Unicorn-26300.exe
2996	Unicorn-14204.exe
2996	Unicorn-14204.exe
868	Unicorn-26300.exe
2384	Unicorn-9990.exe
2384	Unicorn-9990.exe
2952	Unicorn-59305.exe
2952	Unicorn-59305.exe
1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe
784	Unicorn-26898.exe
1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe
784	Unicorn-26898.exe
2716	Unicorn-65251.exe
2716	Unicorn-65251.exe
1960	Unicorn-60125.exe
1960	Unicorn-60125.exe
2584	Unicorn-51578.exe
2144	Unicorn-14453.exe
2584	Unicorn-51578.exe
2144	Unicorn-14453.exe
1420	Unicorn-55486.exe
1420	Unicorn-55486.exe
2700	Unicorn-2315.exe
2700	Unicorn-2315.exe
2420	Unicorn-35398.exe
2420	Unicorn-35398.exe
2984	Unicorn-18097.exe
2984	Unicorn-18097.exe
296	Unicorn-46571.exe
296	Unicorn-46571.exe
868	Unicorn-26300.exe
1088	Unicorn-26705.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5640	2576	WerFault.exe	145

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41558.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3159.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe
2420	Unicorn-35398.exe
2384	Unicorn-9990.exe
2584	Unicorn-51578.exe
2996	Unicorn-14204.exe
2716	Unicorn-65251.exe
2984	Unicorn-18097.exe
2700	Unicorn-2315.exe
2764	Unicorn-54334.exe
868	Unicorn-26300.exe
784	Unicorn-26898.exe
2952	Unicorn-59305.exe
1420	Unicorn-55486.exe
2144	Unicorn-14453.exe
2960	Unicorn-8323.exe
1960	Unicorn-60125.exe
296	Unicorn-46571.exe
2932	Unicorn-63099.exe
1088	Unicorn-26705.exe
796	Unicorn-3492.exe
1800	Unicorn-22752.exe
940	Unicorn-32072.exe
1900	Unicorn-57323.exe
1348	Unicorn-25881.exe
2976	Unicorn-64744.exe
736	Unicorn-38194.exe
1560	Unicorn-44324.exe
2356	Unicorn-40240.exe
2064	Unicorn-57131.exe
968	Unicorn-52035.exe
2204	Unicorn-28350.exe
1648	Unicorn-34293.exe
1596	Unicorn-62881.exe
2556	Unicorn-21583.exe
2572	Unicorn-17573.exe
2352	Unicorn-46353.exe
2844	Unicorn-34655.exe
2304	Unicorn-21849.exe
2452	Unicorn-40223.exe
2824	Unicorn-11495.exe
2692	Unicorn-23555.exe
2712	Unicorn-6472.exe
1524	Unicorn-43229.exe
1476	Unicorn-62880.exe
1144	Unicorn-59565.exe
2876	Unicorn-53435.exe
2372	Unicorn-39507.exe
2936	Unicorn-59373.exe
2916	Unicorn-4095.exe
1760	Unicorn-8501.exe
1828	Unicorn-29668.exe
1384	Unicorn-60717.exe
2940	Unicorn-27588.exe
2272	Unicorn-22599.exe
1032	Unicorn-65486.exe
1832	Unicorn-45621.exe
1092	Unicorn-19607.exe
292	Unicorn-28538.exe
1704	Unicorn-50996.exe
1544	Unicorn-12969.exe
756	Unicorn-42112.exe
108	Unicorn-41558.exe
772	Unicorn-27120.exe
1396	Unicorn-28219.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 2420	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	30
PID 1272 wrote to memory of 2420	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	30
PID 1272 wrote to memory of 2420	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	30
PID 1272 wrote to memory of 2420	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	30
PID 1272 wrote to memory of 2584	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	32
PID 1272 wrote to memory of 2584	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	32
PID 1272 wrote to memory of 2584	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	32
PID 1272 wrote to memory of 2584	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	32
PID 2420 wrote to memory of 2384	2420	Unicorn-35398.exe	31
PID 2420 wrote to memory of 2384	2420	Unicorn-35398.exe	31
PID 2420 wrote to memory of 2384	2420	Unicorn-35398.exe	31
PID 2420 wrote to memory of 2384	2420	Unicorn-35398.exe	31
PID 2384 wrote to memory of 2996	2384	Unicorn-9990.exe	34
PID 2384 wrote to memory of 2996	2384	Unicorn-9990.exe	34
PID 2384 wrote to memory of 2996	2384	Unicorn-9990.exe	34
PID 2384 wrote to memory of 2996	2384	Unicorn-9990.exe	34
PID 2584 wrote to memory of 2984	2584	Unicorn-51578.exe	36
PID 2584 wrote to memory of 2984	2584	Unicorn-51578.exe	36
PID 2584 wrote to memory of 2984	2584	Unicorn-51578.exe	36
PID 2584 wrote to memory of 2984	2584	Unicorn-51578.exe	36
PID 1272 wrote to memory of 2716	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	37
PID 1272 wrote to memory of 2716	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	37
PID 1272 wrote to memory of 2716	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	37
PID 1272 wrote to memory of 2716	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	37
PID 2420 wrote to memory of 2700	2420	Unicorn-35398.exe	35
PID 2420 wrote to memory of 2700	2420	Unicorn-35398.exe	35
PID 2420 wrote to memory of 2700	2420	Unicorn-35398.exe	35
PID 2420 wrote to memory of 2700	2420	Unicorn-35398.exe	35
PID 2996 wrote to memory of 2764	2996	Unicorn-14204.exe	38
PID 2996 wrote to memory of 2764	2996	Unicorn-14204.exe	38
PID 2996 wrote to memory of 2764	2996	Unicorn-14204.exe	38
PID 2996 wrote to memory of 2764	2996	Unicorn-14204.exe	38
PID 2384 wrote to memory of 868	2384	Unicorn-9990.exe	39
PID 2384 wrote to memory of 868	2384	Unicorn-9990.exe	39
PID 2384 wrote to memory of 868	2384	Unicorn-9990.exe	39
PID 2384 wrote to memory of 868	2384	Unicorn-9990.exe	39
PID 2716 wrote to memory of 784	2716	Unicorn-65251.exe	40
PID 2716 wrote to memory of 784	2716	Unicorn-65251.exe	40
PID 2716 wrote to memory of 784	2716	Unicorn-65251.exe	40
PID 2716 wrote to memory of 784	2716	Unicorn-65251.exe	40
PID 1272 wrote to memory of 2952	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	41
PID 1272 wrote to memory of 2952	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	41
PID 1272 wrote to memory of 2952	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	41
PID 1272 wrote to memory of 2952	1272	ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe	41
PID 2984 wrote to memory of 1420	2984	Unicorn-18097.exe	42
PID 2984 wrote to memory of 1420	2984	Unicorn-18097.exe	42
PID 2984 wrote to memory of 1420	2984	Unicorn-18097.exe	42
PID 2984 wrote to memory of 1420	2984	Unicorn-18097.exe	42
PID 2584 wrote to memory of 1960	2584	Unicorn-51578.exe	44
PID 2584 wrote to memory of 1960	2584	Unicorn-51578.exe	44
PID 2584 wrote to memory of 1960	2584	Unicorn-51578.exe	44
PID 2584 wrote to memory of 1960	2584	Unicorn-51578.exe	44
PID 2700 wrote to memory of 2144	2700	Unicorn-2315.exe	43
PID 2700 wrote to memory of 2144	2700	Unicorn-2315.exe	43
PID 2700 wrote to memory of 2144	2700	Unicorn-2315.exe	43
PID 2700 wrote to memory of 2144	2700	Unicorn-2315.exe	43
PID 2420 wrote to memory of 2960	2420	Unicorn-35398.exe	45
PID 2420 wrote to memory of 2960	2420	Unicorn-35398.exe	45
PID 2420 wrote to memory of 2960	2420	Unicorn-35398.exe	45
PID 2420 wrote to memory of 2960	2420	Unicorn-35398.exe	45
PID 2764 wrote to memory of 2932	2764	Unicorn-54334.exe	46
PID 2764 wrote to memory of 2932	2764	Unicorn-54334.exe	46
PID 2764 wrote to memory of 2932	2764	Unicorn-54334.exe	46
PID 2764 wrote to memory of 2932	2764	Unicorn-54334.exe	46

C:\Users\Admin\AppData\Local\Temp\ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe
"C:\Users\Admin\AppData\Local\Temp\ea2e10fc30346d9195205ae8128a0a9d57a97ef0c8fac15fda9469d58ca1b640.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9990.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54334.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17573.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        8⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 208
        9⤵
        Program crash
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        8⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        8⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13060.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
        7⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
        7⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11495.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
        7⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        7⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        6⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
        7⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15660.exe
        7⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32631.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
        6⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        6⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        6⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39505.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42126.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10102.exe
        7⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
        7⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27120.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        7⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        7⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60594.exe
        6⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
        6⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        6⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        7⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
        7⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45183.exe
        7⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        6⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        6⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        6⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
        5⤵
        
        PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        5⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        5⤵
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50435.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45183.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        7⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
        7⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        7⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34678.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
        7⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        7⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
        6⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5105.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        6⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        5⤵
        Executes dropped EXE
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26374.exe
        6⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        7⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
        7⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        6⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe
        6⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
        6⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        6⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
        6⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        5⤵
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35618.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        5⤵
        
        PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46353.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
        6⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29434.exe
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        7⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
        6⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61078.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        6⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
        5⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5917.exe
        6⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        5⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        5⤵
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        5⤵
        
        PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21583.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        6⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
        5⤵
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39858.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
        5⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        5⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        5⤵
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
      4⤵
      PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
      4⤵
      PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
      4⤵
      PID:5440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2315.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39240.exe
        7⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        7⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60824.exe
        7⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        6⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        7⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12076.exe
        7⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        7⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
        6⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        6⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        6⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        5⤵
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        5⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        5⤵
        
        PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        6⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        7⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
        7⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        6⤵
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        6⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
        5⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        6⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        5⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        5⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        5⤵
        
        PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        5⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45405.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60824.exe
        5⤵
        
        PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63221.exe
        5⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8319.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        5⤵
        
        PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exe
      4⤵
      PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
      4⤵
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
      4⤵
      PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
      4⤵
      PID:5432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        5⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        6⤵
        
        PID:352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
        6⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
        5⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29840.exe
        5⤵
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60926.exe
      4⤵
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32743.exe
        5⤵
        
        PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
      4⤵
      PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
      4⤵
      PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
      4⤵
      PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65486.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        5⤵
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26173.exe
        5⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        5⤵
        
        PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36853.exe
      4⤵
      PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
      4⤵
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
      4⤵
      PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
      4⤵
      PID:6060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41714.exe
        5⤵
        
        PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
      4⤵
      PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16401.exe
    3⤵
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
      4⤵
      PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39282.exe
      4⤵
      PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
      4⤵
      PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
      4⤵
      PID:5464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21567.exe
    3⤵
    PID:1128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21542.exe
    3⤵
    PID:4812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
    3⤵
    PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
    3⤵
    PID:5672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18097.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59373.exe
        6⤵
        Executes dropped EXE
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20657.exe
        6⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        7⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        8⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        7⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        7⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26853.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59181.exe
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        6⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
        6⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13626.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        7⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15660.exe
        6⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32631.exe
        6⤵
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
        6⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        5⤵
        
        PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35261.exe
        5⤵
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        5⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        5⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28350.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25142.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51576.exe
        7⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        7⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28548.exe
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
        5⤵
        
        PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50996.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
        5⤵
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38566.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        5⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38513.exe
        5⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45183.exe
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
      4⤵
      PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
      4⤵
      PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
      4⤵
      PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
      4⤵
      PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
      4⤵
      PID:5604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59373.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
        6⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25238.exe
        7⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15660.exe
        6⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        6⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32631.exe
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52235.exe
        5⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
        6⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33863.exe
        6⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        5⤵
        
        PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        5⤵
        
        PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22167.exe
        5⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13827.exe
        5⤵
        
        PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36614.exe
      4⤵
      PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43621.exe
      4⤵
      PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
      4⤵
      PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
      4⤵
      PID:5556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38194.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
      4⤵
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        5⤵
        
        PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
      4⤵
      PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
      4⤵
      PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23574.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
        5⤵
        
        PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
      4⤵
      PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
      4⤵
      PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
      4⤵
      PID:5568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
    3⤵
    PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
      4⤵
      PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21466.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
      4⤵
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
      4⤵
      PID:5516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51845.exe
    3⤵
    PID:320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
    3⤵
    PID:5392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26898.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        6⤵
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        6⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
        6⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52235.exe
        5⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
        6⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        5⤵
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27384.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39507.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        5⤵
        
        PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        5⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        5⤵
        
        PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
      4⤵
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
      4⤵
      PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
      4⤵
      PID:5084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        5⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        5⤵
        
        PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
      4⤵
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        5⤵
        
        PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37948.exe
      4⤵
      PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe
      4⤵
      PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29840.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
      4⤵
      PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
      4⤵
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
      4⤵
      PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
      4⤵
      PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
      4⤵
      PID:5812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16324.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
    3⤵
    PID:3756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
    3⤵
    PID:4348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
    3⤵
    PID:5072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
    3⤵
    PID:5140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30266.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        6⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        5⤵
        
        PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
        5⤵
        
        PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
      4⤵
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59105.exe
        5⤵
        
        PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
      4⤵
      PID:552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
      4⤵
      PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29840.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34655.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
      4⤵
      PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
      4⤵
      PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37057.exe
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
      4⤵
      PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
      4⤵
      PID:5160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
    3⤵
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
      4⤵
      PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
      4⤵
      PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45183.exe
      4⤵
      PID:5360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
    3⤵
    PID:936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
    3⤵
    PID:3460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
    3⤵
    PID:4956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
    3⤵
    PID:5448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
      4⤵
      PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
      4⤵
      PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
      4⤵
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
      4⤵
      PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45183.exe
      4⤵
      PID:5324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
    3⤵
    PID:2052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
    3⤵
    PID:4392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52668.exe
    3⤵
    PID:5112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
    3⤵
    PID:5176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3989.exe
    3⤵
    PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
    3⤵
    PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
    3⤵
    PID:4672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
    3⤵
    PID:5336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
  2⤵
  PID:568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
  2⤵
  PID:3548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
  2⤵
  PID:5088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10422.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10422.exe
  2⤵
  PID:4660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe

Filesize
468KB

MD5
31d7658c38d932e8ff12e3fe41d910e0

SHA1
e3781ab04fc587a48480136b5395a7a5123756ee

SHA256
f32ec8daa19cc37ce61898750594fd9b71afceb498fdfc837dbefcc1916ee9dd

SHA512
c7092b40b30567662673a86df4245be1e28ba52e840ceaa6fa97ab88d3ba4e47609ba1ff069b0fa2f75a8ac1c0114ee22a4e90ddf3f32c5eda51bbf3e1543cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18097.exe

Filesize
468KB

MD5
2d2a990ea3f987c54c72d6b08cf5e698

SHA1
9ddcb5718d300e26e4dc85641010d8dec86abeed

SHA256
4965499fe6867072407b0ec0c4ae361a80497a5e2eb1af6f42ba0b09cc103d56

SHA512
1a3d10d07fce8bcaa8d4e7d9048cce9f471fa2f04a945bf579c1d25236612469120b5e380d59f7b2bb32c676d8cb1313073fecb09183606c0174cdcd032ea608

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe

Filesize
468KB

MD5
a6f155ab85bb42f8a5a81c7310c52c7c

SHA1
79e3e63bf511f118416a456349c9eb281c46e79b

SHA256
649d10af67953bbf41c141d2f838e0a9cb81e4bc0b2c966d31ce6442d9bdf8e7

SHA512
3c50b456ada26df3867a94ae491e3d3a0fd70d96fbd2dededf0e9b480e4155c9ccc10c1529d9b338b17c0ac84cb6066a78250316797c9ec365502b8666a8630d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54334.exe

Filesize
468KB

MD5
5b7647781b0bc0faf09d3a29cd797a60

SHA1
93db6397ee1ec99993a3332f4ecd54e069a39225

SHA256
d2422fc205b2e0d1450de43a45f3066f55ea0f4d145805f03231cf137980e496

SHA512
2137e4e6c6c8da0777a24ba7171b0f99fc84719bf186a115ca80a77a129b91a5ea472a5074f0868923735759ed0d04d8c533590576876f0af01a9e4e44fcc027

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe

Filesize
468KB

MD5
f81cc92026c0fa71b8ee65bd235d7c4c

SHA1
4fd36c206ceab84682098c3f898147789fc5f126

SHA256
30dec8ccf67045b6595fdc8bd77a2047f88e07d957bca43d8bb0eafae24e71ef

SHA512
bb09527cb7c844400649c86b2a0f4abf359c6a3badf5120091749f2565efc95c62c524ebaf36b5aab72e4d518e32a26396ac35f810ef70fde2a7ef7980fb98ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe

Filesize
468KB

MD5
392806887289d693882edc416f3e8a6c

SHA1
63d3484a09b53c2be814f72bed92649e3cba1e91

SHA256
394de8bd808832f1a23f756ac4ed60cc809e0d636c9add4ae7ff7966e7de2ed9

SHA512
523c6e0a994403a2eb35ea69fc22e9d36b54217fcc175b75b2a55d238e89663a331263c6184cf8ac5cde191e396c77935b8bc040ee0dce27e939bcbf98e679a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe

Filesize
468KB

MD5
e964d5e974bed03f74331a1aadb988fe

SHA1
6c42b517602c12933a23c386ede5962fbc6dda8b

SHA256
2a477c203a6d453f9888f2dfa3da97fb27599eb35a338d18df31776389032c7e

SHA512
bcfd1524d0f4eb4b01d1251e816e998f52cd1e7d77f2cd54aa098b393bfc9b274108e6719965c8098805ccbfbdc63e26221c75c40fed21f4c9aa4de31572d293

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe

Filesize
468KB

MD5
f4024ade1d250c2c7c0b5aba503f4537

SHA1
0960442b0dd6f280f1d4c71379489ef2f6c82b5d

SHA256
42b5591429a79e7a194d1186c3faef7c465f2ee4da0f1963f37a33b4bd4144d8

SHA512
0fac7a3435284c296c177edbcc3bce22ba48f6ec31d107d97cb3465547422e5d1817ebc0b72144df33b70a3f819422c48125a1c99444a42751cc524bb330a746

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9990.exe

Filesize
468KB

MD5
a6576de41c29cb830fc8e1513c6b457b

SHA1
c08959da3a2515c56372497026960c1797de373f

SHA256
0603e35d93f5784b563b4d8f329c7704f5f0c31c16f743a730eb038e55668aeb

SHA512
b33c8d41d6e4f2d5184e0326810ac52b9705de7e5bd633d60458d7aedf5953f2d8af406c81f2d6aff67f5a642c4c22bbc211a6356b64267e188f5cf6ebeada6e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe

Filesize
468KB

MD5
60f3a6c9a239f2623fd5f28a75bf9ee1

SHA1
bfdab9908b87471bad6a4717cee716647981fed3

SHA256
d05b773841fae5201c464adc6f6f2bc6b8aa741b49e877339aca15285b16386e

SHA512
f40ee219521a22dd36d18279c712fb069a6890b9d3248b15026438ba2c95b94447bd0e189284ef9d0cb1a3274b5eba9d14d83dc5085ab8f875fef86562af4456

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe

Filesize
468KB

MD5
aab77d56646d56e54bdc2784fcabd936

SHA1
88f498e6a5444b330bc4a125001161ffa18c0f59

SHA256
6fbbfeea396d7ea74585ab29b89f2b3eb82d3c42e51c8d0823780fb8ca7ed572

SHA512
b3c5cc985df02f0c3069cd0e5cac1f3d3bc79879535f2592c6161f6e535421f5293ec4a1393993c41dfa8ccbf559891d11627747629876a8dec3103a07a46bdf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2315.exe

Filesize
468KB

MD5
a64fb6c7841b65e8a852ffa403bd1816

SHA1
be209c357fa7f7b02f12cf12c78e9be39b7b9a64

SHA256
cd88c022323c011ccb8b5d7585d9ca085b2baee6b8aa397b2c1b1f21b01c5f5b

SHA512
c7084f5fd4b606eaa2c15241151ded7ccf7ee6bf7179db196e57f204423991f745daf22d987d72a760a18094a29711324f98d0e5b27e29ccc9c0e7d947d5ba0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe

Filesize
468KB

MD5
b282a2133fe407c81bed22661f3914f1

SHA1
1d5803d936adb0d18540a94cbcac1d00714c9154

SHA256
6b7a89c04c6377ad874359d255fb0654b5c0e04a56c652600d5f7988c25b0ff1

SHA512
1f5bf96cefdc3ceee463c6b80c552219ee6bce35d021a0103afc841cc94ca1e86060d2b602afc373617f87fd7b663867dfc4166adcdfab9cd446efbd31ae087e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26898.exe

Filesize
468KB

MD5
08906bd4cf569eb9bdfda0e88d03728a

SHA1
2a0ab106bc88a2eefbce86fa59b80d7cc3958873

SHA256
5c7443f01f87204abe9624827fbcf4c86792ccdb5d8061f993e833ecc22b780b

SHA512
2b32f500ee9c52deece803dad1d49df5e5c6b0bd4ff40bac147700d5a1d27aaa6be2bb70cef237b638f63bdb0cc504979732288aaa697e22b2acafd700b45f24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe

Filesize
468KB

MD5
be1459f175c182a6950f4cc2073d9c02

SHA1
3540f291d3e63e530d9bd812ba114f7762d4cc7a

SHA256
dd27cac5f8737603edac3ea0f5d424ea068e4064840ff3c66c475d4d8824f286

SHA512
2a228e6948875d49f6bfde538235a3e774b9d27bccd3f5c35e7fcfb39b808301a3b8c3049d5202948bc574e68a814c6219fbcb217ef598915ee6424fe350d6e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe

Filesize
468KB

MD5
c97f0f4f280976d702eb03b14b32bb41

SHA1
730fe796a1a4142388a470d2043928a621279ecf

SHA256
24b9787232933ba92034232a169da041c1113a821ce39a82159769808fe396ff

SHA512
9532142bf500dff70656bcdeec68334d7ee53438b392c9582375f08ddf2bbaf0b8126e575b5bde964a6fc1f71ead737820a63d4f697e77bb27de5bdb027e2281

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe

Filesize
468KB

MD5
b87884dbd67157cb12c87206b6ff4063

SHA1
98be9dea4d3f45df75c02b80848814a6b8f7a627

SHA256
2b7b7f0f25ef383d0acd708458ae5e3b7bcee0aa7cecafbb77dda634d3682428

SHA512
908feae93d6fbc47e18375c6f7b2a0503febc2311e6eda6015d9e110fd628c03ba94e41185fc2c60d07b2162ef65541ccf0f23e8553ef48bcaf0ab5daa4d3095

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe

Filesize
468KB

MD5
dbce53bfc92fb91e79b7a548c0e88e4a

SHA1
7fca3ca262c403e799caacb0db8478635aef4c94

SHA256
e4db73264dd7d28c4d977aab7b3ca415b5ccab8dbaa699c95f536f9e77396f77

SHA512
34bba09278dac2c037040c0f4d543bb0eb6185c2642b741ef8f39b049bf8947b688d3af374c9d0a7a07669571d7667d3ae1cbc1cc49abbb7207d0c614680db52

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe

Filesize
468KB

MD5
5927cfbbe5b8c37ea9f922ef86994ca0

SHA1
c45be9f8e419370f680c5fd04d13bbcfbbb024c8

SHA256
ad906155e0160d2974f94a357f72be12cb7566b2226c6c2a8c508dfa995f6d32

SHA512
529ed65b4c66eefad9caa531c77e49e9bf8b091c7818984b13fd3da9c9268df82ffb87e29de0173455567341933602f3233c2164b9266f86310331ec04a1c825

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe

Filesize
468KB

MD5
f37e8ed4f38cf65359cadf064311119e

SHA1
c562a7db566938af19e9d23a1e9ca54ac2296a14

SHA256
cb2180ad3e30f7e2c8d903412403d899ac8d1ed90232b5677a6b1082049cf3e7

SHA512
953944bdae22d83a59d25709feddfec283d36a8ae6c6d172203fe1a6bf60eaf8647613db8597ff2335d2f3e18b6bf4e6e53ac2fb494da092d123d8610fc29e64

Download Submit