0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe
Size

468KB
MD5

bb72d6904b7d18996de11aba07f44f20
SHA1

d9ed4091b8c8a8f20dd34c8b69ef304de56c922a
SHA256

0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757
SHA512

bc4a437f1b02b3ceec6cea8503bafe7b6cd6311036e30a195eea97702961c96181ee1c641364215a097b9a929b5102c860f969d86066b7289a5cae0ae05ed86f
SSDEEP

3072:4bFgogxaIU57tbYCPzFfmbfD/nMDnsIH9QmyeQVqgt5ekkihuPulO:4bSoCc7tJPhfmbfZa7Qt5v7huP

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2324	Unicorn-51950.exe
2920	Unicorn-11768.exe
2156	Unicorn-71.exe
2792	Unicorn-715.exe
2640	Unicorn-42494.exe
2728	Unicorn-907.exe
772	Unicorn-49022.exe
2552	Unicorn-39091.exe
3052	Unicorn-43729.exe
2072	Unicorn-56387.exe
2036	Unicorn-25944.exe
1732	Unicorn-27476.exe
1716	Unicorn-47342.exe
1408	Unicorn-47077.exe
956	Unicorn-47342.exe
1852	Unicorn-3424.exe
2904	Unicorn-64493.exe
2420	Unicorn-44628.exe
3012	Unicorn-10314.exe
1032	Unicorn-16445.exe
2160	Unicorn-29081.exe
2144	Unicorn-29081.exe
952	Unicorn-28816.exe
1124	Unicorn-58224.exe
1900	Unicorn-3622.exe
2164	Unicorn-12552.exe
852	Unicorn-34626.exe
1520	Unicorn-61177.exe
1432	Unicorn-61177.exe
2376	Unicorn-61732.exe
2128	Unicorn-8831.exe
2380	Unicorn-41800.exe
2184	Unicorn-46439.exe
884	Unicorn-17872.exe
1744	Unicorn-17872.exe
2972	Unicorn-11933.exe
1992	Unicorn-63735.exe
2468	Unicorn-10450.exe
2472	Unicorn-38484.exe
1896	Unicorn-50736.exe
2676	Unicorn-40658.exe
3068	Unicorn-9127.exe
2940	Unicorn-8997.exe
2540	Unicorn-44437.exe
2104	Unicorn-13486.exe
2580	Unicorn-25931.exe
2432	Unicorn-25931.exe
2844	Unicorn-19800.exe
2652	Unicorn-56173.exe
2576	Unicorn-5489.exe
3024	Unicorn-25355.exe
2800	Unicorn-3080.exe
2504	Unicorn-5681.exe
1212	Unicorn-47674.exe
2308	Unicorn-63455.exe
1660	Unicorn-6086.exe
2044	Unicorn-50746.exe
1752	Unicorn-64202.exe
2876	Unicorn-18531.exe
2364	Unicorn-29821.exe
2312	Unicorn-1810.exe
916	Unicorn-1810.exe
2896	Unicorn-22785.exe
1316	Unicorn-48773.exe

Loads dropped DLL 64 IoCs

pid	Process
1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe
1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe
2324	Unicorn-51950.exe
2324	Unicorn-51950.exe
1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe
1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe
2920	Unicorn-11768.exe
2920	Unicorn-11768.exe
2324	Unicorn-51950.exe
2324	Unicorn-51950.exe
2156	Unicorn-71.exe
2156	Unicorn-71.exe
1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe
1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe
2792	Unicorn-715.exe
2792	Unicorn-715.exe
2920	Unicorn-11768.exe
2920	Unicorn-11768.exe
2640	Unicorn-42494.exe
2640	Unicorn-42494.exe
2324	Unicorn-51950.exe
2324	Unicorn-51950.exe
2156	Unicorn-71.exe
1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe
2156	Unicorn-71.exe
772	Unicorn-49022.exe
2728	Unicorn-907.exe
772	Unicorn-49022.exe
2728	Unicorn-907.exe
1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe
2552	Unicorn-39091.exe
2552	Unicorn-39091.exe
3052	Unicorn-43729.exe
2792	Unicorn-715.exe
3052	Unicorn-43729.exe
2792	Unicorn-715.exe
2920	Unicorn-11768.exe
2920	Unicorn-11768.exe
2036	Unicorn-25944.exe
2036	Unicorn-25944.exe
1408	Unicorn-47077.exe
1408	Unicorn-47077.exe
2072	Unicorn-56387.exe
2324	Unicorn-51950.exe
2324	Unicorn-51950.exe
2640	Unicorn-42494.exe
1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe
1732	Unicorn-27476.exe
2640	Unicorn-42494.exe
1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe
1732	Unicorn-27476.exe
2156	Unicorn-71.exe
2156	Unicorn-71.exe
956	Unicorn-47342.exe
1716	Unicorn-47342.exe
956	Unicorn-47342.exe
1716	Unicorn-47342.exe
2728	Unicorn-907.exe
2728	Unicorn-907.exe
772	Unicorn-49022.exe
772	Unicorn-49022.exe
1852	Unicorn-3424.exe
1852	Unicorn-3424.exe
2552	Unicorn-39091.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2692	1992	WerFault.exe	67
2924	1072	WerFault.exe	102
3716	3048	WerFault.exe	99

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-71.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-71.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43597.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe
2324	Unicorn-51950.exe
2920	Unicorn-11768.exe
2156	Unicorn-71.exe
2792	Unicorn-715.exe
2640	Unicorn-42494.exe
2728	Unicorn-907.exe
772	Unicorn-49022.exe
2552	Unicorn-39091.exe
3052	Unicorn-43729.exe
2036	Unicorn-25944.exe
2072	Unicorn-56387.exe
1716	Unicorn-47342.exe
1408	Unicorn-47077.exe
1732	Unicorn-27476.exe
956	Unicorn-47342.exe
1852	Unicorn-3424.exe
2904	Unicorn-64493.exe
2420	Unicorn-44628.exe
3012	Unicorn-10314.exe
1032	Unicorn-16445.exe
2160	Unicorn-29081.exe
952	Unicorn-28816.exe
1124	Unicorn-58224.exe
1900	Unicorn-3622.exe
2164	Unicorn-12552.exe
852	Unicorn-34626.exe
1520	Unicorn-61177.exe
1432	Unicorn-61177.exe
2128	Unicorn-8831.exe
2376	Unicorn-61732.exe
2380	Unicorn-41800.exe
2184	Unicorn-46439.exe
884	Unicorn-17872.exe
1744	Unicorn-17872.exe
2972	Unicorn-11933.exe
1992	Unicorn-63735.exe
2472	Unicorn-38484.exe
2468	Unicorn-10450.exe
1896	Unicorn-50736.exe
2676	Unicorn-40658.exe
3068	Unicorn-9127.exe
2940	Unicorn-8997.exe
2540	Unicorn-44437.exe
2104	Unicorn-13486.exe
2432	Unicorn-25931.exe
2844	Unicorn-19800.exe
2580	Unicorn-25931.exe
2576	Unicorn-5489.exe
2652	Unicorn-56173.exe
3024	Unicorn-25355.exe
2800	Unicorn-3080.exe
2504	Unicorn-5681.exe
2044	Unicorn-50746.exe
2308	Unicorn-63455.exe
1660	Unicorn-6086.exe
1212	Unicorn-47674.exe
2876	Unicorn-18531.exe
1752	Unicorn-64202.exe
2364	Unicorn-29821.exe
2312	Unicorn-1810.exe
916	Unicorn-1810.exe
2896	Unicorn-22785.exe
1316	Unicorn-48773.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2324	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	31
PID 1680 wrote to memory of 2324	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	31
PID 1680 wrote to memory of 2324	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	31
PID 1680 wrote to memory of 2324	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	31
PID 2324 wrote to memory of 2920	2324	Unicorn-51950.exe	32
PID 2324 wrote to memory of 2920	2324	Unicorn-51950.exe	32
PID 2324 wrote to memory of 2920	2324	Unicorn-51950.exe	32
PID 2324 wrote to memory of 2920	2324	Unicorn-51950.exe	32
PID 1680 wrote to memory of 2156	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	33
PID 1680 wrote to memory of 2156	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	33
PID 1680 wrote to memory of 2156	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	33
PID 1680 wrote to memory of 2156	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	33
PID 2920 wrote to memory of 2792	2920	Unicorn-11768.exe	34
PID 2920 wrote to memory of 2792	2920	Unicorn-11768.exe	34
PID 2920 wrote to memory of 2792	2920	Unicorn-11768.exe	34
PID 2920 wrote to memory of 2792	2920	Unicorn-11768.exe	34
PID 2324 wrote to memory of 2640	2324	Unicorn-51950.exe	35
PID 2324 wrote to memory of 2640	2324	Unicorn-51950.exe	35
PID 2324 wrote to memory of 2640	2324	Unicorn-51950.exe	35
PID 2324 wrote to memory of 2640	2324	Unicorn-51950.exe	35
PID 2156 wrote to memory of 2728	2156	Unicorn-71.exe	36
PID 2156 wrote to memory of 2728	2156	Unicorn-71.exe	36
PID 2156 wrote to memory of 2728	2156	Unicorn-71.exe	36
PID 2156 wrote to memory of 2728	2156	Unicorn-71.exe	36
PID 1680 wrote to memory of 772	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	37
PID 1680 wrote to memory of 772	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	37
PID 1680 wrote to memory of 772	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	37
PID 1680 wrote to memory of 772	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	37
PID 2792 wrote to memory of 2552	2792	Unicorn-715.exe	38
PID 2792 wrote to memory of 2552	2792	Unicorn-715.exe	38
PID 2792 wrote to memory of 2552	2792	Unicorn-715.exe	38
PID 2792 wrote to memory of 2552	2792	Unicorn-715.exe	38
PID 2920 wrote to memory of 3052	2920	Unicorn-11768.exe	39
PID 2920 wrote to memory of 3052	2920	Unicorn-11768.exe	39
PID 2920 wrote to memory of 3052	2920	Unicorn-11768.exe	39
PID 2920 wrote to memory of 3052	2920	Unicorn-11768.exe	39
PID 2640 wrote to memory of 2072	2640	Unicorn-42494.exe	40
PID 2640 wrote to memory of 2072	2640	Unicorn-42494.exe	40
PID 2640 wrote to memory of 2072	2640	Unicorn-42494.exe	40
PID 2640 wrote to memory of 2072	2640	Unicorn-42494.exe	40
PID 2324 wrote to memory of 2036	2324	Unicorn-51950.exe	41
PID 2324 wrote to memory of 2036	2324	Unicorn-51950.exe	41
PID 2324 wrote to memory of 2036	2324	Unicorn-51950.exe	41
PID 2324 wrote to memory of 2036	2324	Unicorn-51950.exe	41
PID 2156 wrote to memory of 1732	2156	Unicorn-71.exe	42
PID 2156 wrote to memory of 1732	2156	Unicorn-71.exe	42
PID 2156 wrote to memory of 1732	2156	Unicorn-71.exe	42
PID 2156 wrote to memory of 1732	2156	Unicorn-71.exe	42
PID 772 wrote to memory of 956	772	Unicorn-49022.exe	44
PID 772 wrote to memory of 956	772	Unicorn-49022.exe	44
PID 772 wrote to memory of 956	772	Unicorn-49022.exe	44
PID 772 wrote to memory of 956	772	Unicorn-49022.exe	44
PID 2728 wrote to memory of 1716	2728	Unicorn-907.exe	45
PID 2728 wrote to memory of 1716	2728	Unicorn-907.exe	45
PID 2728 wrote to memory of 1716	2728	Unicorn-907.exe	45
PID 2728 wrote to memory of 1716	2728	Unicorn-907.exe	45
PID 1680 wrote to memory of 1408	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	43
PID 1680 wrote to memory of 1408	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	43
PID 1680 wrote to memory of 1408	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	43
PID 1680 wrote to memory of 1408	1680	0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe	43
PID 2552 wrote to memory of 1852	2552	Unicorn-39091.exe	46
PID 2552 wrote to memory of 1852	2552	Unicorn-39091.exe	46
PID 2552 wrote to memory of 1852	2552	Unicorn-39091.exe	46
PID 2552 wrote to memory of 1852	2552	Unicorn-39091.exe	46

C:\Users\Admin\AppData\Local\Temp\0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe
"C:\Users\Admin\AppData\Local\Temp\0c88f447615284e0d20f8ce196af479b247a6442f3f604a94df63894ad623757N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51950.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51950.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
        9⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        9⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        8⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        8⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6170.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41006.exe
        7⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        7⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        7⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        7⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
        7⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
        6⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        6⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16481.exe
        6⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44628.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39719.exe
        7⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        8⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        7⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        7⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        7⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        6⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        7⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        7⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
        6⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        6⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63886.exe
        6⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11686.exe
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
        7⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
        7⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe
        6⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
        6⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        6⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 220
        6⤵
        Program crash
        
        PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        5⤵
        
        PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28100.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        5⤵
        
        PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43729.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39527.exe
        7⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38282.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        8⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        8⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        7⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        7⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        7⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        6⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        7⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        7⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        6⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32210.exe
        6⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
        7⤵
        
        PID:584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 216
        7⤵
        Program crash
        
        PID:3716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        6⤵
        Program crash
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        5⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        6⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        5⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32210.exe
        5⤵
        
        PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
        6⤵
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        6⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        5⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45276.exe
        6⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
        5⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        5⤵
        
        PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
        5⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        6⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        6⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        6⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        5⤵
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        5⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        5⤵
        
        PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
      4⤵
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        5⤵
        
        PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32244.exe
        5⤵
        
        PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
      4⤵
      PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
      4⤵
      PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42494.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
        5⤵
        Executes dropped EXE
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        6⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40584.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        6⤵
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
        5⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28679.exe
        6⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32210.exe
        5⤵
        
        PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
        6⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27170.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        6⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
        5⤵
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        5⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3080.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
        5⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        6⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48218.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15354.exe
      4⤵
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60594.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
        5⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
        5⤵
        
        PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
      4⤵
      PID:324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50736.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        6⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36173.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        7⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        6⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44810.exe
        6⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14939.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        6⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        6⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        6⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        5⤵
        
        PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
        5⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42275.exe
        6⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        5⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        5⤵
        
        PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
      4⤵
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
        5⤵
        
        PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
      4⤵
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
      4⤵
      PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28816.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14877.exe
        5⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49735.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14880.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        6⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61198.exe
        5⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        5⤵
        
        PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        5⤵
        
        PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
      4⤵
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
        5⤵
        
        PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        5⤵
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
      4⤵
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
      4⤵
      PID:4832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44437.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
      4⤵
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35965.exe
        5⤵
        
        PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
      4⤵
      PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
      4⤵
      PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
      4⤵
      PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
      4⤵
      PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
      4⤵
      PID:5820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
    3⤵
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
      4⤵
      PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
      4⤵
      PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
      4⤵
      PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
      4⤵
      PID:5340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21713.exe
    3⤵
    PID:1988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
    3⤵
    PID:4000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
    3⤵
    PID:4868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6086.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51110.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        7⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42617.exe
        7⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
        6⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        6⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        6⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
        6⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
        5⤵
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
        6⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        7⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        7⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        6⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62443.exe
        5⤵
        
        PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        5⤵
        
        PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
        5⤵
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        5⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
        5⤵
        
        PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
      4⤵
      PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
      4⤵
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
      4⤵
      PID:4952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
        6⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25886.exe
        7⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        6⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        6⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63750.exe
        5⤵
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
        5⤵
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
        5⤵
        
        PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56464.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41328.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
      4⤵
      PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        5⤵
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        5⤵
        
        PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8380.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10972.exe
      4⤵
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
      4⤵
      PID:4544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
      4⤵
      PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
      4⤵
      PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
      4⤵
      PID:5212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
    3⤵
    PID:4016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
    3⤵
    PID:4824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26875.exe
    3⤵
    PID:5128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
        6⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe
        7⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42275.exe
        7⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        6⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        6⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
        6⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        5⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        5⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        5⤵
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        5⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28650.exe
      4⤵
      PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23616.exe
      4⤵
      PID:4796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
        5⤵
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
      4⤵
      PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
      4⤵
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
      4⤵
      PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        5⤵
        
        PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
      4⤵
      PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
      4⤵
      PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
      4⤵
      PID:5648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
    3⤵
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62649.exe
      4⤵
      PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
      4⤵
      PID:6048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
    3⤵
    PID:4712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32210.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
      4⤵
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        5⤵
        
        PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        5⤵
        
        PID:4752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47674.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
      4⤵
      PID:548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
    3⤵
    PID:3496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
    3⤵
    PID:4256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
    3⤵
    PID:5288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
      4⤵
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56152.exe
        5⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        5⤵
        
        PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
      4⤵
      PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
      4⤵
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
      4⤵
      PID:5672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42914.exe
      4⤵
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
      4⤵
      PID:5172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
    3⤵
    PID:3604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6878.exe
    3⤵
    PID:3960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
    3⤵
    PID:4964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29821.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29821.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
    3⤵
    PID:1904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
    3⤵
    PID:3244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
    3⤵
    PID:4140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
    3⤵
    PID:5728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60473.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60473.exe
  2⤵
  PID:1580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
  2⤵
  PID:4008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
  2⤵
  PID:2080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13203.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13203.exe
  2⤵
  PID:4940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe

Filesize
468KB

MD5
69392531cb58840f696b2ae3e12128b7

SHA1
c9abd59d05c0a17ca154ab83bb93fa8b80330b95

SHA256
34db2447408ef7fac939237fac5e846efe7f39366111ed0675091bd6d7524b25

SHA512
be949b5e9e79f41d6b08045d75e06d59493322c21459cda4b04fd93930448f8f8d54c29927096305f07372597dd6d76725825809631aa636969ab58b0fb70ff6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe

Filesize
468KB

MD5
cacaf1ed3812c488e56db6db72b1ad76

SHA1
6b669f55478ca6f7f848e830f30d008b2a430a85

SHA256
70dcf5d82648f13ce6044724025ef46baf9b2393de2c5e535424c1bc866b4891

SHA512
920a358f15601a397e52fad5eaea5375037b6f93cb3ae90c89eec71f5dbe94470a339032dba3356fe3a98ec5b2bb826cec4a579836536d3c139edc0291839814

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe

Filesize
468KB

MD5
66746293e4bd02bef5ca627709482dbf

SHA1
2ff531c5965e942f137f8c79375d517b50d2ca52

SHA256
8482092476feec9527f41a2cab5a6590881ab86188c22ab8594fe5df1b2f6e47

SHA512
eff7f1d8528795ad5ff8e1aac90fca6ddfca12660a260213024c31010a123106e595b428877c9460b2bf2f990441df6bcdf198cc2660cd37a03821f41848ff0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe

Filesize
468KB

MD5
e5670ddd5329a4e16cd8f0bc0dd8062a

SHA1
50acec712a4f84b17e3f03c93be4ebcb2a1e7554

SHA256
0199f79833da9f7c9664211ccd411f6e17e3db9e9c3988b69aa4370bc5fcbd66

SHA512
345b2f61aa59594f1628f8a618054e81925f2e7d13a423e3c935bc1d1d1f70e70088131f744a93570cfb64ad19918a513685a565a597e005c17665eec15307af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe

Filesize
468KB

MD5
8a0e453d3e47edae6ddfdfd6be3f8bd6

SHA1
bf6de6fa3dee1fbf0a646949fbe244ab7941d625

SHA256
eb16d60cf8323893e1ac8e269bd9ee3e6ee4b585130b0b7b6785347254bc293c

SHA512
3bfc2a22633b09fcf82efac968ed08efc1b6b6bd923aa0dc1dd596927cc475246451d38d3d7516cd1a1f1aa6182cd31fcb6e33e63fceb394b43fd91a6ba6cbb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe

Filesize
468KB

MD5
4287f626b21030e68d2165c69e9520a7

SHA1
e3b805504303e09e9141fa9b9389e7b7566a18b6

SHA256
5c84725b70636310b98cf440aed730a1c3c92e2ccb0723ea2db8118f5d8729d0

SHA512
c7f443c073f979e9b6672a73a05d7eeda6d32255cf3e8cd0532d7e1fff27df1f3bda4a8c6cf566341be6f9fa843cdefd7cf70317996fff1f2315c88485618306

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe

Filesize
468KB

MD5
109ab2f5086703efc1e0f6d4964cacc3

SHA1
b9379c9c34f74693b9ac36a385988ece0b683c6d

SHA256
7fdf25a1f68bf15dc9b4051baeb21f01838adcb1b599faddd0aa3ce7e70fcf72

SHA512
4981df6071cf6a774ab6fa0a31471928bb78353178ece74a5cb98aa2e25fc702a5af1f316292b94390fd0d0dc0e5cbd186fc274642dbb2898a0ec68139b2ea14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe

Filesize
468KB

MD5
61bf5f567c8ef1bb591d9a2b07a3b996

SHA1
dbe5d9ebc684de0e2fcdec62608a0530b9f86116

SHA256
9c252be2b756fc0bedd866cd1c5b1fd43511ad7cfa9ff16fe385883637e7e2a4

SHA512
3d2ecf5785a2c99956ca189e44e1712a945758aa07ba90031fe5c9ee0ec07f46fc274fcd80db4f6bc65d35201e2689dc401138eb3c44584220258c73251cfc16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42494.exe

Filesize
468KB

MD5
6bdbf0df9661cdbd417f6421c2f3c216

SHA1
84f239bbe89f4f524476eacc9c9c9408861f157b

SHA256
b1a83f06fdf73db4d853bbdc782be9964b9c3387841ed13ef3d1449ced25dba5

SHA512
c751bb95885d6edb17f59f4e49d5385b5c19567fcb83d8754fcd9125ab023ff6a08e2b2227e5fbd86b92c4ed273ed38d2c6101eedb0832fedc0d214eda638cf3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43729.exe

Filesize
468KB

MD5
d104a379ce168d327d6618fe98de48bf

SHA1
e092f71b62095f9963d56f55283c10e19a7ccd73

SHA256
d1c033abb237f66f687c87ab3fc3bc09802404513d8589e734f2ff1c1fb5ce2d

SHA512
97e8774b8309db527465b70af0e9c9f607947cf9acf8cca69c6b80efa56f1a4e86f2dd9e90146169cacd70c1f2c3490e9ef3331611d2d472519742d9dbe6ef7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44628.exe

Filesize
468KB

MD5
3ceb5d72d21bc64aad292be3194b3e8c

SHA1
a2806e8930915e34ca006c35d6cabf59b58c3955

SHA256
21af93f4910cf9bb45a293902433054c45292ee48d2a01bc14c8bd182678b2e1

SHA512
87dbab82521e484a2d01f581b7e6100f10e2acc78de41fa1b741e2a8ecf8f12f884855b81e18f484d4dde88bb5bb7e692514c223198794dc8405a66dc23c7595

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe

Filesize
468KB

MD5
b16074e4d8fb990a9a790c3f9c240e6e

SHA1
e92931b7131d3839b642788a5f1f1e83b7548638

SHA256
1eeb956076a4592d1f0326c7d036ed0d392db5dcf1d173d87d213dcab09b61cd

SHA512
4f8f27cad738f6bf3ba8304533f00ee0d2cfe5a25df2290f16a446cd490ba8105e79ea2836841f0ea9d93caa264c0ca5239db906384b9e748459e893845094f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe

Filesize
468KB

MD5
a9a0c561e4f13ba616c042d5901a5c6e

SHA1
f5fcdf6f8de08e89481074615b6a9c132634b849

SHA256
ba03c7e966d4d586ea8ff6d48a6d4cda4ecb5664697091577a57b490677e4aa5

SHA512
5eeb893a36174a50132b12954ab373fd53c503ecc79bc609f083abc357d737c7e27413ea6bcda4590a49e2589781b7fe2b68c0e02243b242d3f0a73ca1fa0649

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe

Filesize
468KB

MD5
75950ba5ee74c2114a04fbff57a6333e

SHA1
87f555f6c7b0fb93e6295e0a68eaf89ba39a9c67

SHA256
fdfcfe43addf75c96861baca4e4c7b5f9f706a80df3bc3dd3468e534bf5c5c9b

SHA512
e5de9aa12435b135a1aeb2bb2029404efceead3ba54899c7e890ded8a2fbc3ad732003dc24918293c6933c661486d7d8802b42893d7eea4a2bf3d9735363fdef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51950.exe

Filesize
468KB

MD5
b2871c56251561b474d36e281ee7e836

SHA1
b7fbe978be024e67b5c75a710b4ebf4287bada6f

SHA256
a25c7f0228edc062e535439ccd3c1fd05aed323ed68341dee3d6fd1db929e5f5

SHA512
15552043abd410e57fd9cd75fcd907a8336c6b4ea6a201268a2f455cd1d85fee81d0634a11930ac73acab4b0915636d3565129c8e474114533f6d7e5e3adcbd8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe

Filesize
468KB

MD5
b4ecdacd5d6a2a53dd3e323ec9d7fc88

SHA1
ae8c8492b851fa5e3ec8cc965b0335004e60d3c7

SHA256
46849a13c95c111cc962cd9e2e2512201f412e87e8499064c4defb3278b2c58a

SHA512
1a12285c3b83f8704817b50bc55ab45ab5cc2940cf3b60dba8a516ef1e6a2c367c6710e1794d560608525cdb5a98873c848597a83bf16a64d2fe0b6b523dc33a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe

Filesize
468KB

MD5
ed66bcd3a9c743ceed7e5c194951b0cb

SHA1
c37ff62049ca0d3c72979ca078cc51025614b0ee

SHA256
6ae8fb8cc8bba218b86731509586fe139e51414c78521919ea7d673b942f239b

SHA512
af043540bb4e83191513db6f51df407acee3df422d033729c742124072a0a9a2cc021a221678d64b49cf43ec7e963572178cd7139ce450849cc3463d85e731ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-71.exe

Filesize
468KB

MD5
12d3ba8f6ea888af929ac24027feff2f

SHA1
c91ea486ec8b10a7dd22de5b5574b3e987426469

SHA256
5cb08826d1c0276b61f08183aeb163a7effae079087392e616652d3053d25f9b

SHA512
721e8a80cca350d8c135f64f1defacba04c016aeb25b223fcb100d8eab157eb761d7b36e7ce6cebacd5e93b7d3d01354557c5b23fd391bbe1611ab4ce9596d2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-715.exe

Filesize
468KB

MD5
8458aeefdebb8e7bdd2adc777e552dbc

SHA1
8503ee2bcbedcbdda9d451ec1f0f7d1e9b428c98

SHA256
ee47bdfb564e5a4287e24bf937534ff59aa8ee2efbe86ddd1c530b373912dcc1

SHA512
0e78dbb69acc687471218aa63df615fc23f6590196cf0135339504d565c4bd7f1994fef48e819194e98d4f6bca18e1997fca26ca58faa854682ff29503127d68

Download Submit