8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe
Size

468KB
MD5

6cec5609ed0c3967e3673d7f2eb1e98c
SHA1

63a0437404399846927b2c32a480a074079109cf
SHA256

8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931
SHA512

37cd2902108cf28a840ab955abbe0d9a067af00c72eb1ec2d7a75c9224edc6690fa2a52986f44a95ccfa745ecab9bca6d00cf5eff95fac968e460880a0762d9d
SSDEEP

3072:4bdgogxaIK57tbYZPzcfmbfD/n2DnsNH9QmyeQVNYc5Kkcih+xuloz:4baoCO7tCP4fmbfrd7xc5Dzh+xh

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2904	Unicorn-45802.exe
2496	Unicorn-11432.exe
2828	Unicorn-48936.exe
2716	Unicorn-56679.exe
1876	Unicorn-31791.exe
2732	Unicorn-29744.exe
392	Unicorn-57042.exe
1056	Unicorn-49938.exe
384	Unicorn-908.exe
2532	Unicorn-1313.exe
2332	Unicorn-14504.exe
2924	Unicorn-11903.exe
3040	Unicorn-26202.exe
2700	Unicorn-5781.exe
1388	Unicorn-57348.exe
2468	Unicorn-9948.exe
2488	Unicorn-18671.exe
2248	Unicorn-4795.exe
2540	Unicorn-13138.exe
960	Unicorn-22284.exe
2552	Unicorn-48075.exe
2272	Unicorn-10763.exe
692	Unicorn-26716.exe
1080	Unicorn-6850.exe
936	Unicorn-26716.exe
800	Unicorn-41198.exe
1116	Unicorn-30727.exe
836	Unicorn-26908.exe
996	Unicorn-6295.exe
536	Unicorn-39358.exe
360	Unicorn-48843.exe
3068	Unicorn-43519.exe
1092	Unicorn-60047.exe
752	Unicorn-40181.exe
2808	Unicorn-36503.exe
1916	Unicorn-16637.exe
2896	Unicorn-44671.exe
2912	Unicorn-33165.exe
2696	Unicorn-53031.exe
2800	Unicorn-11925.exe
560	Unicorn-30180.exe
2836	Unicorn-60706.exe
2192	Unicorn-192.exe
2640	Unicorn-52730.exe
2316	Unicorn-18520.exe
2184	Unicorn-35818.exe
3028	Unicorn-43986.exe
2616	Unicorn-43986.exe
1844	Unicorn-32480.exe
2112	Unicorn-44178.exe
2952	Unicorn-8308.exe
2644	Unicorn-54245.exe
2720	Unicorn-39008.exe
2304	Unicorn-20250.exe
2400	Unicorn-20250.exe
2356	Unicorn-20250.exe
2396	Unicorn-20804.exe
564	Unicorn-31739.exe
2236	Unicorn-36778.exe
2164	Unicorn-34731.exe
1808	Unicorn-54851.exe
1484	Unicorn-28117.exe
652	Unicorn-21655.exe
1464	Unicorn-41713.exe

Loads dropped DLL 64 IoCs

pid	Process
2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe
2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe
2904	Unicorn-45802.exe
2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe
2904	Unicorn-45802.exe
2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe
2828	Unicorn-48936.exe
2828	Unicorn-48936.exe
2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe
2496	Unicorn-11432.exe
2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe
2496	Unicorn-11432.exe
2904	Unicorn-45802.exe
2904	Unicorn-45802.exe
2716	Unicorn-56679.exe
2716	Unicorn-56679.exe
2828	Unicorn-48936.exe
2828	Unicorn-48936.exe
1876	Unicorn-31791.exe
1876	Unicorn-31791.exe
2496	Unicorn-11432.exe
2496	Unicorn-11432.exe
2904	Unicorn-45802.exe
2904	Unicorn-45802.exe
392	Unicorn-57042.exe
2732	Unicorn-29744.exe
392	Unicorn-57042.exe
2732	Unicorn-29744.exe
2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe
2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe
1056	Unicorn-49938.exe
1056	Unicorn-49938.exe
2716	Unicorn-56679.exe
2716	Unicorn-56679.exe
384	Unicorn-908.exe
384	Unicorn-908.exe
2828	Unicorn-48936.exe
2828	Unicorn-48936.exe
2532	Unicorn-1313.exe
2532	Unicorn-1313.exe
1876	Unicorn-31791.exe
1876	Unicorn-31791.exe
2700	Unicorn-5781.exe
2700	Unicorn-5781.exe
2924	Unicorn-11903.exe
2332	Unicorn-14504.exe
2732	Unicorn-29744.exe
2924	Unicorn-11903.exe
2732	Unicorn-29744.exe
2332	Unicorn-14504.exe
2496	Unicorn-11432.exe
2496	Unicorn-11432.exe
2904	Unicorn-45802.exe
1388	Unicorn-57348.exe
2904	Unicorn-45802.exe
1388	Unicorn-57348.exe
3040	Unicorn-26202.exe
3040	Unicorn-26202.exe
2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe
2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe
392	Unicorn-57042.exe
392	Unicorn-57042.exe
960	Unicorn-22284.exe
960	Unicorn-22284.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
972	2820	WerFault.exe	127
3088	1432	WerFault.exe	97
4028	3472	WerFault.exe	223

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3965.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe
2904	Unicorn-45802.exe
2828	Unicorn-48936.exe
2496	Unicorn-11432.exe
2716	Unicorn-56679.exe
2732	Unicorn-29744.exe
1876	Unicorn-31791.exe
392	Unicorn-57042.exe
1056	Unicorn-49938.exe
384	Unicorn-908.exe
2532	Unicorn-1313.exe
2924	Unicorn-11903.exe
2700	Unicorn-5781.exe
1388	Unicorn-57348.exe
2332	Unicorn-14504.exe
3040	Unicorn-26202.exe
2468	Unicorn-9948.exe
2248	Unicorn-4795.exe
2488	Unicorn-18671.exe
2540	Unicorn-13138.exe
960	Unicorn-22284.exe
2552	Unicorn-48075.exe
2272	Unicorn-10763.exe
1080	Unicorn-6850.exe
692	Unicorn-26716.exe
936	Unicorn-26716.exe
800	Unicorn-41198.exe
836	Unicorn-26908.exe
1116	Unicorn-30727.exe
536	Unicorn-39358.exe
360	Unicorn-48843.exe
996	Unicorn-6295.exe
3068	Unicorn-43519.exe
2808	Unicorn-36503.exe
752	Unicorn-40181.exe
1092	Unicorn-60047.exe
2896	Unicorn-44671.exe
1916	Unicorn-16637.exe
560	Unicorn-30180.exe
2912	Unicorn-33165.exe
2800	Unicorn-11925.exe
2696	Unicorn-53031.exe
2836	Unicorn-60706.exe
2192	Unicorn-192.exe
1844	Unicorn-32480.exe
2640	Unicorn-52730.exe
2316	Unicorn-18520.exe
2184	Unicorn-35818.exe
2616	Unicorn-43986.exe
3028	Unicorn-43986.exe
2112	Unicorn-44178.exe
2644	Unicorn-54245.exe
2952	Unicorn-8308.exe
2720	Unicorn-39008.exe
2304	Unicorn-20250.exe
2400	Unicorn-20250.exe
2356	Unicorn-20250.exe
2396	Unicorn-20804.exe
564	Unicorn-31739.exe
2164	Unicorn-34731.exe
2236	Unicorn-36778.exe
1808	Unicorn-54851.exe
1484	Unicorn-28117.exe
652	Unicorn-21655.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2904	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	30
PID 2772 wrote to memory of 2904	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	30
PID 2772 wrote to memory of 2904	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	30
PID 2772 wrote to memory of 2904	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	30
PID 2904 wrote to memory of 2496	2904	Unicorn-45802.exe	31
PID 2904 wrote to memory of 2496	2904	Unicorn-45802.exe	31
PID 2904 wrote to memory of 2496	2904	Unicorn-45802.exe	31
PID 2904 wrote to memory of 2496	2904	Unicorn-45802.exe	31
PID 2772 wrote to memory of 2828	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	32
PID 2772 wrote to memory of 2828	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	32
PID 2772 wrote to memory of 2828	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	32
PID 2772 wrote to memory of 2828	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	32
PID 2828 wrote to memory of 2716	2828	Unicorn-48936.exe	33
PID 2828 wrote to memory of 2716	2828	Unicorn-48936.exe	33
PID 2828 wrote to memory of 2716	2828	Unicorn-48936.exe	33
PID 2828 wrote to memory of 2716	2828	Unicorn-48936.exe	33
PID 2772 wrote to memory of 2732	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	34
PID 2772 wrote to memory of 2732	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	34
PID 2772 wrote to memory of 2732	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	34
PID 2772 wrote to memory of 2732	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	34
PID 2496 wrote to memory of 1876	2496	Unicorn-11432.exe	35
PID 2496 wrote to memory of 1876	2496	Unicorn-11432.exe	35
PID 2496 wrote to memory of 1876	2496	Unicorn-11432.exe	35
PID 2496 wrote to memory of 1876	2496	Unicorn-11432.exe	35
PID 2904 wrote to memory of 392	2904	Unicorn-45802.exe	36
PID 2904 wrote to memory of 392	2904	Unicorn-45802.exe	36
PID 2904 wrote to memory of 392	2904	Unicorn-45802.exe	36
PID 2904 wrote to memory of 392	2904	Unicorn-45802.exe	36
PID 2716 wrote to memory of 1056	2716	Unicorn-56679.exe	37
PID 2716 wrote to memory of 1056	2716	Unicorn-56679.exe	37
PID 2716 wrote to memory of 1056	2716	Unicorn-56679.exe	37
PID 2716 wrote to memory of 1056	2716	Unicorn-56679.exe	37
PID 2828 wrote to memory of 384	2828	Unicorn-48936.exe	38
PID 2828 wrote to memory of 384	2828	Unicorn-48936.exe	38
PID 2828 wrote to memory of 384	2828	Unicorn-48936.exe	38
PID 2828 wrote to memory of 384	2828	Unicorn-48936.exe	38
PID 1876 wrote to memory of 2532	1876	Unicorn-31791.exe	39
PID 1876 wrote to memory of 2532	1876	Unicorn-31791.exe	39
PID 1876 wrote to memory of 2532	1876	Unicorn-31791.exe	39
PID 1876 wrote to memory of 2532	1876	Unicorn-31791.exe	39
PID 2496 wrote to memory of 2332	2496	Unicorn-11432.exe	40
PID 2496 wrote to memory of 2332	2496	Unicorn-11432.exe	40
PID 2496 wrote to memory of 2332	2496	Unicorn-11432.exe	40
PID 2496 wrote to memory of 2332	2496	Unicorn-11432.exe	40
PID 2904 wrote to memory of 2924	2904	Unicorn-45802.exe	41
PID 2904 wrote to memory of 2924	2904	Unicorn-45802.exe	41
PID 2904 wrote to memory of 2924	2904	Unicorn-45802.exe	41
PID 2904 wrote to memory of 2924	2904	Unicorn-45802.exe	41
PID 392 wrote to memory of 3040	392	Unicorn-57042.exe	42
PID 392 wrote to memory of 3040	392	Unicorn-57042.exe	42
PID 392 wrote to memory of 3040	392	Unicorn-57042.exe	42
PID 392 wrote to memory of 3040	392	Unicorn-57042.exe	42
PID 2732 wrote to memory of 2700	2732	Unicorn-29744.exe	43
PID 2732 wrote to memory of 2700	2732	Unicorn-29744.exe	43
PID 2732 wrote to memory of 2700	2732	Unicorn-29744.exe	43
PID 2732 wrote to memory of 2700	2732	Unicorn-29744.exe	43
PID 2772 wrote to memory of 1388	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	44
PID 2772 wrote to memory of 1388	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	44
PID 2772 wrote to memory of 1388	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	44
PID 2772 wrote to memory of 1388	2772	8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe	44
PID 1056 wrote to memory of 2468	1056	Unicorn-49938.exe	45
PID 1056 wrote to memory of 2468	1056	Unicorn-49938.exe	45
PID 1056 wrote to memory of 2468	1056	Unicorn-49938.exe	45
PID 1056 wrote to memory of 2468	1056	Unicorn-49938.exe	45

C:\Users\Admin\AppData\Local\Temp\8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe
"C:\Users\Admin\AppData\Local\Temp\8178bd64fec0315a239038d47094cf198754883d8a6ac3f78e40ac6a020f2931.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11432.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22284.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
        8⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
        7⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49085.exe
        7⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        7⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        7⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
        7⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19016.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6973.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49693.exe
        6⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        6⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
        6⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
        6⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7572.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5003.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        8⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14310.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16081.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50336.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59170.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50125.exe
        7⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
        6⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        7⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
        7⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65038.exe
        7⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
        6⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23587.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54295.exe
        6⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        6⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54851.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        7⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49555.exe
        7⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
        6⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        7⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        7⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        6⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        6⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        6⤵
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38755.exe
        5⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        6⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
        6⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4981.exe
        6⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        5⤵
        
        PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
        5⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        5⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        5⤵
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
        7⤵
        Executes dropped EXE
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        8⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53571.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18850.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3709.exe
        8⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39383.exe
        7⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        7⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        6⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30442.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        7⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31159.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        6⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
        6⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40420.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36863.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
        6⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4287.exe
        6⤵
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        6⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
        6⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe
        5⤵
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42611.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        5⤵
        
        PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41198.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
        6⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe
        6⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5226.exe
        5⤵
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56903.exe
        5⤵
        
        PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        5⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
        5⤵
        
        PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28780.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45309.exe
      4⤵
      PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
      4⤵
      PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
      4⤵
      PID:6060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6295.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4382.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        7⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
        7⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        6⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31514.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        6⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52871.exe
        6⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47139.exe
        6⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3573.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        6⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24328.exe
        6⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        5⤵
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        5⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
        5⤵
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
        6⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 188
        7⤵
        Program crash
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        6⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8971.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
        6⤵
        
        PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16216.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
        5⤵
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        5⤵
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11510.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        5⤵
        
        PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32289.exe
      4⤵
      PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
      4⤵
      PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
      4⤵
      PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11169.exe
      4⤵
      PID:5564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        6⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        6⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        6⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
        5⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        5⤵
        
        PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
        5⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        5⤵
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57596.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        5⤵
        
        PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe
      4⤵
      PID:636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1582.exe
      4⤵
      PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51163.exe
      4⤵
      PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
      4⤵
      PID:5468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14074.exe
        5⤵
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18850.exe
        5⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        5⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        5⤵
        
        PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
      4⤵
      PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe
      4⤵
      PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
      4⤵
      PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
      4⤵
      PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
      4⤵
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        5⤵
        
        PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
      4⤵
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45005.exe
      4⤵
      PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe
      4⤵
      PID:5180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55643.exe
    3⤵
    PID:1644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
    3⤵
    PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
    3⤵
    PID:4180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
    3⤵
    PID:4408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
    3⤵
    PID:5224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56679.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15548.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
        7⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64404.exe
        7⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
        6⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16517.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        6⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56903.exe
        6⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33165.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        6⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
        7⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56903.exe
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15785.exe
        5⤵
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63778.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        5⤵
        
        PID:3472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 188
        6⤵
        Program crash
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65052.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13958.exe
        7⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35646.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
        6⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20447.exe
        6⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        5⤵
        
        PID:1432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 220
        6⤵
        Program crash
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
        5⤵
        
        PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46617.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13581.exe
        5⤵
        
        PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20963.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60512.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
        5⤵
        
        PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
      4⤵
      PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1959.exe
      4⤵
      PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
      4⤵
      PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
      4⤵
      PID:5732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-908.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60047.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
        6⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2536.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe
        7⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26580.exe
        6⤵
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17721.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49412.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5823.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        6⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
        5⤵
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        5⤵
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26083.exe
        5⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        5⤵
        
        PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16637.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        5⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        5⤵
        
        PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
      4⤵
      PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
      4⤵
      PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40420.exe
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe
      4⤵
      PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28024.exe
      4⤵
      PID:6016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36503.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55247.exe
        5⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11443.exe
        5⤵
        
        PID:520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20963.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32354.exe
        5⤵
        
        PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
      4⤵
      PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37623.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
      4⤵
      PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
      4⤵
      PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
      4⤵
      PID:5508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33312.exe
      4⤵
      PID:704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35395.exe
      4⤵
      PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50476.exe
      4⤵
      PID:5124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
    3⤵
    PID:2472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28780.exe
    3⤵
    PID:3168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
    3⤵
    PID:3976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24297.exe
    3⤵
    PID:4288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29530.exe
    3⤵
    PID:5480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10763.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
        6⤵
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
        6⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        6⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23897.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
        5⤵
        
        PID:664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12298.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65133.exe
        5⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
        5⤵
        
        PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
      4⤵
      PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
      4⤵
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
      4⤵
      PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
      4⤵
      PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe
      4⤵
      PID:4744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
        5⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
        5⤵
        
        PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42174.exe
      4⤵
      PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
      4⤵
      PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24484.exe
      4⤵
      PID:5196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
      4⤵
      PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
      4⤵
      PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
      4⤵
      PID:5896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36181.exe
    3⤵
    PID:2104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
    3⤵
    PID:1912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
    3⤵
    PID:3564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41225.exe
    3⤵
    PID:4168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe
    3⤵
    PID:4920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
    3⤵
    PID:5704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        5⤵
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        5⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
        5⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62383.exe
        5⤵
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
      4⤵
      PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
      4⤵
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
      4⤵
      PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12030.exe
      4⤵
      PID:5364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
      4⤵
      PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56373.exe
      4⤵
      PID:5764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
    3⤵
    PID:236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
    3⤵
    PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
    3⤵
    PID:3780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
    3⤵
    PID:5116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
    3⤵
    PID:5780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51630.exe
      4⤵
      PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
      4⤵
      PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
      4⤵
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
      4⤵
      PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23762.exe
      4⤵
      PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
      4⤵
      PID:5408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe
    3⤵
    PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
    3⤵
    PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1006.exe
    3⤵
    PID:3380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
    3⤵
    PID:4888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
    3⤵
    PID:5596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
    3⤵
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
      4⤵
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55375.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
      4⤵
      PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20165.exe
      4⤵
      PID:5372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
    3⤵
    PID:1708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
    3⤵
    PID:4968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
    3⤵
    PID:4572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26773.exe
    3⤵
    PID:6000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
  2⤵
  PID:2684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
  2⤵
  PID:1752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
  2⤵
  PID:3444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18611.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18611.exe
  2⤵
  PID:3948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
  2⤵
  PID:4836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49816.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49816.exe
  2⤵
  PID:4100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33110.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33110.exe
  2⤵
  PID:5184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe

Filesize
468KB

MD5
304e3fcb001e7de5b51e3be0df637857

SHA1
4699fff35617e62785a9a1c30d88520353c138d6

SHA256
1237655ba37c5a42a7e90f700363723cfbf8c07d07f1613ce3ad66ba573af73f

SHA512
639dc562d8b0b5193b2244d028993ac92f9628e6275be0d963895b46c025266a2ca91435badfc5bf5de289b1812de98f4c838497ac99e4dbd8071a46136aa4e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe

Filesize
468KB

MD5
b0ef371bb55200a596d3ceecfb9a4091

SHA1
a13055e75e2fbdde48a2a71ceda069f7fb084313

SHA256
8f773f74337a74c3992c06e6892a8e31fd4fdb39a6e28ed8a099d8e226b8e807

SHA512
df63bec540209d70b5c2c46a8a1e1ea4c4241d601997a6c422a5da13a5fbb692bfb9c696e4cfbeeff72573399d76bcd82df67a90bae47f6cd4757cf1db6b5e32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe

Filesize
468KB

MD5
9077d65e53a6f2391c9de6c7bf51e0f8

SHA1
d9f4da55f5105e1aced75484a1c24677d2e6b7e2

SHA256
def1f90f927975ff19ae10217c8381ca2778b87b177a1295bd1a36cac993d94e

SHA512
48e6e009057f85049548a23c7dcae79fbac0148bf7d04fcbcee8cc1e80e40ab99fb62c89635ced01b135437ca9bfaeddba9b543e03fd9ce0e74cbce149d74cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe

Filesize
468KB

MD5
c0fbc494eedcacefe462fee7cc1a6a46

SHA1
d3d140333098f32a2bbc0b0bb484bd4932d2aa41

SHA256
b6b1489aa270f7411edc03679da352ce1dcad59a7f017796f2ffc61392d68f75

SHA512
b118acca2f9f413f8b5515ac5d9ba27ac56bd07bdc579ef13939ae3bdb81476144d46563c8eaff0e50299a5481f8097c6224b37edc45abdc88ce3690b248c4cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe

Filesize
468KB

MD5
66c1ef761fb90b0a6e454e0641d7716f

SHA1
178131d26ff44f01589586fa28cf00d5cac0e5cd

SHA256
f946809aeb0e485c50941c95a1feb0fe195254763a6e43eef95ecb279b4db12b

SHA512
312a49c4646a829e1173d60f50b6dbe118ca34cd6cd8dc6fddd1b479a1b18a67529536478f5cf16c443a5be6ae86de194d5b5d96fdbda43d6e82153053224aa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe

Filesize
468KB

MD5
9b7594b75fdbfa16b802e534d6161501

SHA1
29bb6b63c5a58e40a0ea19a158c729646aa81ac9

SHA256
086b47d38fda89933442ce042ebb9bf7e1d094b5e209d724d20fed658ebdcbfc

SHA512
e14a6acbdae238a32503ff5410675c03965a4ed6c0b93922a555df841ee22793a5366185cb79032f9941224beb70a87b02e5b41e82ddb9757b6f62940b3be5ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65038.exe

Filesize
468KB

MD5
b816f013698b31ee971dfd5d8cb71a85

SHA1
c4ec329a5a14f1829d042e9d250dd8c935d13df4

SHA256
d2c413b310782730473f91b21678e72e285f69b08286a316a26c2fe44049d9b8

SHA512
5d3266df0c3b891e517c28aa9807e59dff621fb2c9cae6e5ce5f4d6d32897e278a3a77b4bb529932de60d9c6c1dd8b21802eac3f710e1ee130e34754677b078e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11432.exe

Filesize
468KB

MD5
72eeac597e103e483b10b0511bd1eb93

SHA1
d1443c2a97cf087a8eaebf0a9ac67a43fd7b8112

SHA256
9fbea30093f93b08511710ea70e6a0d4b6a4a692fcb8ec95b796ed4f6265fd05

SHA512
14fa5ce0a764740f6855c5ed078b8bc82b0c716d71a23051888dcc2d91a420bb8784d60f15b145b654ad2d80675749469c865024912c4721412478324fff9900

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe

Filesize
468KB

MD5
b19858f3332dada4edff471a3c0664dc

SHA1
67c0c9d8926a45632dbec9ef545fdf4f92e5fbfb

SHA256
30ce4c2feae4c011509ffbf72d4ee383937e09db9ec987f96ef46669ad34e249

SHA512
af796091ad8b7e9964274727769827080434996a550799bbd6aa7d5623ddd4852dba8e072cac6c15bf39b9830c677ed4fa3e72b1b921130f20f4d9cfa6d09750

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe

Filesize
468KB

MD5
7bafaa189c844152eddafa7804788a38

SHA1
c1903c14778dc2fd55da1839931de011b0c00963

SHA256
7809f9e841a95897d1f8e5d348102fdf94e3be7b36ef4c7a559f60226957d44a

SHA512
121154a0e90793d803c9e8357489b2ca0566a066f986aee91bdb9f3f405f3a71e43238c5c426deb7cc4ef2c92cf6b601c6aed6e29472fb00f074fed322997ce0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe

Filesize
468KB

MD5
f4b55eefaa0295e0d96d19f4a911b109

SHA1
4e93e1a35beef3a2beecb9f3ff762e39d9086fe9

SHA256
c88727ebf990c0665116020e55c04a06ef1f1ef297e62f76da4b94e2998e67ea

SHA512
2f1d475b7d24da420fef5cd98f1d801f954507d21559b78179afd76cbc53492c15f9255bf00f770379d639636091e63da69941af3eedc877e8df0a8585a0facf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe

Filesize
468KB

MD5
50c4fb03ca97579abb0eccd3b14f7b67

SHA1
9ef02ca8790fa00b304e78c413cdfc9a745e31b7

SHA256
70b2e5b42f5b2d0baadc51371248a1ed5d53198b1fcce0f383e926533ecbd09b

SHA512
3e60ac57ffa5bef46072d371b150c91ab0b0caa0c153bacf5feddc2887857215e2f05569e01993ddeb074d03be9d9cd8ea58f53d2bd2425c950c87411985a967

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe

Filesize
468KB

MD5
61223f28b5d2ca9a212ae64f4addfa71

SHA1
74841f9864804cf8e7085edee872f275ab61d57e

SHA256
8eed168d594c253b37628ad730249823eaeafcd82aeff03ca9bd9cdf9d0a2b55

SHA512
bde789240d5038faf96921f90663dd3a3171e977f25e673f7f781de259d704068db65c07215dfd11fca30aa1c47ada6ac137faff1c5e1c243a37b26131d48f89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe

Filesize
468KB

MD5
6f25ec0137c907290830012c91ad022c

SHA1
3addf55988e2dbb411d151dc66dc650caffc2943

SHA256
cc730d3a8dd5374826356068d953b975c9041f1e83305f91fcd2ad35a1037d0b

SHA512
8abd9d035e6bda56169c9291ed73f213f9904cd0cfec692475c9a60a98750975fb051c1db249b602985d73ef441fabe8db441bbf81809590ecaa7961cec4bd2f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe

Filesize
468KB

MD5
9e2a31740360a95b4ebd031c904051d2

SHA1
3c651a4ff4bc367df4856fdbf4fa2651a5659f58

SHA256
7deffc9cf52ca24cde4d5e11dfcae454726ec19de6d186eca519f13d1a1af64a

SHA512
6e590e3f6e0d545a49d0cda91381f530901124c36b743c51fad07ee0cb7f6595b4af2771fd933b4b2f5496af172cecae9afffb3b0d8108ccabcf7db38968b526

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe

Filesize
468KB

MD5
58888d7fa6aa4f7fc09b7ee2a262d177

SHA1
c8b748b3404f41d7b2ca755bb25fdddfc89575fc

SHA256
c36f70b11cdcda66be37580e48eb3be255288204943c8d89ef8a4882b062708f

SHA512
3e3ac98c65f242a77839beb9763918bd70198e49a9ea10b6e8a7358f0f9e02f0edd67c65b2a0d0e52e3cceab1598bf119647bac83716a5d09e44d1866613d813

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56679.exe

Filesize
468KB

MD5
1bc91da28042c9f779204f9d1478c2b7

SHA1
183fbe370c1f4dbba85f4519a8ae65322f0e319a

SHA256
0246a7a3c1bed69c6ca193251b61fb135b2f5c8bfdfe9bd9f06262799a35b448

SHA512
ac6d0ec685b53bb1d82602f3789b6c5c1c866aaa218cdb097d172fe5b60de8800b7a9b242b175c48945804942bb8161d68ec535df86ae3e93776675080d2ba97

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe

Filesize
468KB

MD5
111c03a8461b64bf762ea5aba4f12de9

SHA1
78d0b48a6b5b36869ab12e51b6a96379746c7b79

SHA256
a6cd83e055261c1a3c9f25e18ad4ac014daf45d59430edf5d4277c2249baf489

SHA512
9baa0b1b614a761423ac1a889674963fa3e3cab01e323794bf5d6da2e85d6c3ba2524bc1027bfa7ef44ee6b01214700b860a9cb536f235e314c37c02caebae6c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe

Filesize
468KB

MD5
486893be42272c0a6b51df77e0be6f36

SHA1
de6f783d4f852380c97c6653bf3ebacc1ccbeb75

SHA256
0682d4d64bdfdad287802c4a92fff9041f978dbbfaf89d6f1d933cf65efcc46c

SHA512
c3b8c475051c54fab35243c816cb2f3b97f11046ea8ede1fdacd1674981c9495c9a6fafbbdc19f786cfcaede45210219ca47947602f48354586cc0cac3f9fe12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe

Filesize
468KB

MD5
4bbf140488212a4cbc9bffee485bf56d

SHA1
f1583499e7b0a382d3d95117b1dc367fe6d3642b

SHA256
ea4fdc088321e4e5794867015ef57fc0d301f58cbac4e02768fe1cc92be06a73

SHA512
0992cbf44c4ab4537ef0fb5e7b01711729ecdd518b2d80438cf8459220c45ce480f5be41be3b41bc3a1d1988868a90f0800644a80af25ca50759271554f46530

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-908.exe

Filesize
468KB

MD5
bc2ccdad3191d379071a4a404a20d815

SHA1
5ce165a7380bbe25475dc56cb6c10563b0c098b8

SHA256
7ff8acc547036e3da8d4a0e75efc910aceef3cd9a0aa71003ace9c01ccbed9c7

SHA512
5f9d831a59b6c0f08979f3f2f98e57e38f4c78f802446d8cd7a8490aea8f49629e9f551f7cb35dde12547c687c705f66209b0e8bc26317440653ed8134b4307b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe

Filesize
468KB

MD5
0601795a47a77c8112be41bf8d8e2f52

SHA1
3a37f8722b9a5c1e1e4f5ed212e91d82f215255f

SHA256
ed49b0fd8f58d1f972f04f814448d0695faa1a8ba671b43f9ff456be656bef7f

SHA512
d23c2bae9527d77f3e1cf45d3c9763468b7e7c7dd75e043abf7ee8c4755db9067d80e5f04cebe66029768ee56a3dbf7a88bab331a9b51b133a0c66134f757a34

Download Submit