e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe
Size

468KB
MD5

c96b79e436f4080efef3d3fca6a15ca0
SHA1

79d5d54eafb70007b3a85c11bbd0062bfdb3115e
SHA256

e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4
SHA512

cde03510c5aee266dafd2dbbf4767325bb3f43a9ee255f3cad5d70980b3f6eabcb4d66834d8b2ff87ab80952de48778458e33ddde7e3ddb98f949871df3d7b0b
SSDEEP

3072:4belogxOIU573rYlPzcfmbfD/n2DhsIHzQmyeQVIAm40kt2buxLlkj:4b4o2c73eP4fmbf1a5am4FUbux8

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2972	Unicorn-48235.exe
2784	Unicorn-56486.exe
2868	Unicorn-14062.exe
2664	Unicorn-25843.exe
2392	Unicorn-57124.exe
264	Unicorn-59283.exe
1496	Unicorn-53153.exe
1676	Unicorn-47415.exe
2140	Unicorn-52822.exe
2428	Unicorn-62381.exe
316	Unicorn-39823.exe
1832	Unicorn-33692.exe
2656	Unicorn-62936.exe
1532	Unicorn-28951.exe
1796	Unicorn-52350.exe
2276	Unicorn-1758.exe
2488	Unicorn-21432.exe
2232	Unicorn-3512.exe
1332	Unicorn-23378.exe
1140	Unicorn-31546.exe
2504	Unicorn-33583.exe
1064	Unicorn-3625.exe
372	Unicorn-9755.exe
1376	Unicorn-63595.exe
1688	Unicorn-17924.exe
1752	Unicorn-64721.exe
1520	Unicorn-46704.exe
3060	Unicorn-19299.exe
2076	Unicorn-181.exe
2388	Unicorn-5889.exe
1724	Unicorn-25755.exe
884	Unicorn-1150.exe
2932	Unicorn-48121.exe
3012	Unicorn-44592.exe
2352	Unicorn-7088.exe
2980	Unicorn-63087.exe
2936	Unicorn-4327.exe
2976	Unicorn-42567.exe
2516	Unicorn-3580.exe
2444	Unicorn-22609.exe
480	Unicorn-46559.exe
1036	Unicorn-46559.exe
1480	Unicorn-58811.exe
1504	Unicorn-38291.exe
2888	Unicorn-680.exe
568	Unicorn-60492.exe
2092	Unicorn-25947.exe
2476	Unicorn-25947.exe
2112	Unicorn-39521.exe
1936	Unicorn-39521.exe
1620	Unicorn-32745.exe
1096	Unicorn-44732.exe
1748	Unicorn-59771.exe
868	Unicorn-64410.exe
1816	Unicorn-18739.exe
1316	Unicorn-9609.exe
1056	Unicorn-2210.exe
2288	Unicorn-43143.exe
1052	Unicorn-49273.exe
2540	Unicorn-14462.exe
3004	Unicorn-15017.exe
2624	Unicorn-5479.exe
2468	Unicorn-2786.exe
1780	Unicorn-383.exe

Loads dropped DLL 64 IoCs

pid	Process
2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe
2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe
2972	Unicorn-48235.exe
2972	Unicorn-48235.exe
2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe
2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe
2784	Unicorn-56486.exe
2784	Unicorn-56486.exe
2972	Unicorn-48235.exe
2972	Unicorn-48235.exe
2868	Unicorn-14062.exe
2868	Unicorn-14062.exe
2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe
2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe
568	WerFault.exe
568	WerFault.exe
568	WerFault.exe
568	WerFault.exe
568	WerFault.exe
2664	Unicorn-25843.exe
2664	Unicorn-25843.exe
2784	Unicorn-56486.exe
2784	Unicorn-56486.exe
2392	Unicorn-57124.exe
2392	Unicorn-57124.exe
2972	Unicorn-48235.exe
264	Unicorn-59283.exe
2972	Unicorn-48235.exe
264	Unicorn-59283.exe
2868	Unicorn-14062.exe
2868	Unicorn-14062.exe
2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe
2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe
1676	Unicorn-47415.exe
1676	Unicorn-47415.exe
2664	Unicorn-25843.exe
2664	Unicorn-25843.exe
2428	Unicorn-62381.exe
2428	Unicorn-62381.exe
2392	Unicorn-57124.exe
2656	Unicorn-62936.exe
2392	Unicorn-57124.exe
2656	Unicorn-62936.exe
2140	Unicorn-52822.exe
2140	Unicorn-52822.exe
2868	Unicorn-14062.exe
2868	Unicorn-14062.exe
2784	Unicorn-56486.exe
2784	Unicorn-56486.exe
316	Unicorn-39823.exe
316	Unicorn-39823.exe
264	Unicorn-59283.exe
264	Unicorn-59283.exe
1832	Unicorn-33692.exe
1832	Unicorn-33692.exe
2972	Unicorn-48235.exe
2972	Unicorn-48235.exe
1532	Unicorn-28951.exe
1532	Unicorn-28951.exe
2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe
2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe
1796	Unicorn-52350.exe
1796	Unicorn-52350.exe
1676	Unicorn-47415.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
568	1496	WerFault.exe	36
2184	1376	WerFault.exe	54
2200	480	WerFault.exe	71
840	296	WerFault.exe	112
3400	1036	WerFault.exe	72
3168	1496	WerFault.exe	111
3692	2448	WerFault.exe	137
3688	320	WerFault.exe	109
3592	2712	WerFault.exe	108

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40645.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe
2972	Unicorn-48235.exe
2784	Unicorn-56486.exe
2868	Unicorn-14062.exe
2664	Unicorn-25843.exe
2392	Unicorn-57124.exe
1496	Unicorn-53153.exe
264	Unicorn-59283.exe
1676	Unicorn-47415.exe
2140	Unicorn-52822.exe
2428	Unicorn-62381.exe
1832	Unicorn-33692.exe
316	Unicorn-39823.exe
2656	Unicorn-62936.exe
1532	Unicorn-28951.exe
1796	Unicorn-52350.exe
2276	Unicorn-1758.exe
2488	Unicorn-21432.exe
2232	Unicorn-3512.exe
1332	Unicorn-23378.exe
1140	Unicorn-31546.exe
1064	Unicorn-3625.exe
372	Unicorn-9755.exe
2504	Unicorn-33583.exe
1688	Unicorn-17924.exe
1376	Unicorn-63595.exe
1752	Unicorn-64721.exe
1520	Unicorn-46704.exe
3060	Unicorn-19299.exe
2076	Unicorn-181.exe
2388	Unicorn-5889.exe
1724	Unicorn-25755.exe
884	Unicorn-1150.exe
2932	Unicorn-48121.exe
3012	Unicorn-44592.exe
2352	Unicorn-7088.exe
2936	Unicorn-4327.exe
2980	Unicorn-63087.exe
2976	Unicorn-42567.exe
2516	Unicorn-3580.exe
480	Unicorn-46559.exe
2888	Unicorn-680.exe
568	Unicorn-60492.exe
1036	Unicorn-46559.exe
2444	Unicorn-22609.exe
1480	Unicorn-58811.exe
1504	Unicorn-38291.exe
2476	Unicorn-25947.exe
2092	Unicorn-25947.exe
2112	Unicorn-39521.exe
1936	Unicorn-39521.exe
1620	Unicorn-32745.exe
1096	Unicorn-44732.exe
1748	Unicorn-59771.exe
1816	Unicorn-18739.exe
868	Unicorn-64410.exe
1316	Unicorn-9609.exe
1056	Unicorn-2210.exe
1052	Unicorn-49273.exe
2540	Unicorn-14462.exe
2288	Unicorn-43143.exe
3004	Unicorn-15017.exe
2624	Unicorn-5479.exe
2468	Unicorn-2786.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2972	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	30
PID 2912 wrote to memory of 2972	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	30
PID 2912 wrote to memory of 2972	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	30
PID 2912 wrote to memory of 2972	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	30
PID 2972 wrote to memory of 2784	2972	Unicorn-48235.exe	31
PID 2972 wrote to memory of 2784	2972	Unicorn-48235.exe	31
PID 2972 wrote to memory of 2784	2972	Unicorn-48235.exe	31
PID 2972 wrote to memory of 2784	2972	Unicorn-48235.exe	31
PID 2912 wrote to memory of 2868	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	32
PID 2912 wrote to memory of 2868	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	32
PID 2912 wrote to memory of 2868	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	32
PID 2912 wrote to memory of 2868	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	32
PID 2784 wrote to memory of 2664	2784	Unicorn-56486.exe	33
PID 2784 wrote to memory of 2664	2784	Unicorn-56486.exe	33
PID 2784 wrote to memory of 2664	2784	Unicorn-56486.exe	33
PID 2784 wrote to memory of 2664	2784	Unicorn-56486.exe	33
PID 2972 wrote to memory of 2392	2972	Unicorn-48235.exe	34
PID 2972 wrote to memory of 2392	2972	Unicorn-48235.exe	34
PID 2972 wrote to memory of 2392	2972	Unicorn-48235.exe	34
PID 2972 wrote to memory of 2392	2972	Unicorn-48235.exe	34
PID 2868 wrote to memory of 264	2868	Unicorn-14062.exe	35
PID 2868 wrote to memory of 264	2868	Unicorn-14062.exe	35
PID 2868 wrote to memory of 264	2868	Unicorn-14062.exe	35
PID 2868 wrote to memory of 264	2868	Unicorn-14062.exe	35
PID 2912 wrote to memory of 1496	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	36
PID 2912 wrote to memory of 1496	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	36
PID 2912 wrote to memory of 1496	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	36
PID 2912 wrote to memory of 1496	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	36
PID 1496 wrote to memory of 568	1496	Unicorn-53153.exe	37
PID 1496 wrote to memory of 568	1496	Unicorn-53153.exe	37
PID 1496 wrote to memory of 568	1496	Unicorn-53153.exe	37
PID 1496 wrote to memory of 568	1496	Unicorn-53153.exe	37
PID 2664 wrote to memory of 1676	2664	Unicorn-25843.exe	38
PID 2664 wrote to memory of 1676	2664	Unicorn-25843.exe	38
PID 2664 wrote to memory of 1676	2664	Unicorn-25843.exe	38
PID 2664 wrote to memory of 1676	2664	Unicorn-25843.exe	38
PID 2784 wrote to memory of 2140	2784	Unicorn-56486.exe	39
PID 2784 wrote to memory of 2140	2784	Unicorn-56486.exe	39
PID 2784 wrote to memory of 2140	2784	Unicorn-56486.exe	39
PID 2784 wrote to memory of 2140	2784	Unicorn-56486.exe	39
PID 2392 wrote to memory of 2428	2392	Unicorn-57124.exe	40
PID 2392 wrote to memory of 2428	2392	Unicorn-57124.exe	40
PID 2392 wrote to memory of 2428	2392	Unicorn-57124.exe	40
PID 2392 wrote to memory of 2428	2392	Unicorn-57124.exe	40
PID 2972 wrote to memory of 1832	2972	Unicorn-48235.exe	42
PID 2972 wrote to memory of 1832	2972	Unicorn-48235.exe	42
PID 2972 wrote to memory of 1832	2972	Unicorn-48235.exe	42
PID 2972 wrote to memory of 1832	2972	Unicorn-48235.exe	42
PID 264 wrote to memory of 316	264	Unicorn-59283.exe	41
PID 264 wrote to memory of 316	264	Unicorn-59283.exe	41
PID 264 wrote to memory of 316	264	Unicorn-59283.exe	41
PID 264 wrote to memory of 316	264	Unicorn-59283.exe	41
PID 2868 wrote to memory of 2656	2868	Unicorn-14062.exe	43
PID 2868 wrote to memory of 2656	2868	Unicorn-14062.exe	43
PID 2868 wrote to memory of 2656	2868	Unicorn-14062.exe	43
PID 2868 wrote to memory of 2656	2868	Unicorn-14062.exe	43
PID 2912 wrote to memory of 1532	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	44
PID 2912 wrote to memory of 1532	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	44
PID 2912 wrote to memory of 1532	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	44
PID 2912 wrote to memory of 1532	2912	e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe	44
PID 1676 wrote to memory of 1796	1676	Unicorn-47415.exe	45
PID 1676 wrote to memory of 1796	1676	Unicorn-47415.exe	45
PID 1676 wrote to memory of 1796	1676	Unicorn-47415.exe	45
PID 1676 wrote to memory of 1796	1676	Unicorn-47415.exe	45

C:\Users\Admin\AppData\Local\Temp\e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe
"C:\Users\Admin\AppData\Local\Temp\e15d3cbceba1c1b85f7b98071c32fb960666c27b1ccdec3b94ebf1e717d75ba4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47415.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
        9⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11699.exe
        8⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
        8⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        8⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
        9⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        9⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        8⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29987.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10984.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        8⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        7⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        7⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        7⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        7⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
        7⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
        7⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7065.exe
        8⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        7⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63777.exe
        6⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21614.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17225.exe
        6⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1758.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25755.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40586.exe
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17338.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        9⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3995.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        8⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        8⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1202.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        7⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        7⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16269.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        8⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37844.exe
        7⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58576.exe
        6⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        7⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        7⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        6⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
        6⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1150.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
        7⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
        6⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        6⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
        6⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-383.exe
        5⤵
        Executes dropped EXE
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        6⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        7⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        7⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        6⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        6⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1172.exe
        6⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
        6⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
        5⤵
        
        PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        7⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57747.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        7⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        7⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        7⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        7⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        6⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39521.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30555.exe
        6⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        5⤵
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
        5⤵
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        6⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
        6⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        6⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12526.exe
        5⤵
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
        5⤵
        
        PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        5⤵
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        5⤵
        
        PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
      4⤵
      PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64975.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
      4⤵
      PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16844.exe
      4⤵
      PID:5332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21432.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48121.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18302.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        7⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        6⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5194.exe
        7⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        7⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47881.exe
        6⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        6⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        6⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        6⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44592.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47711.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56149.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        7⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        6⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        6⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
        5⤵
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        6⤵
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        5⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21614.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21135.exe
        5⤵
        
        PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
        6⤵
        
        PID:296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 200
        7⤵
        Program crash
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        6⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        6⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
        5⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
        6⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        7⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        7⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        6⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
        5⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
        6⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28339.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3689.exe
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40394.exe
        6⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        7⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        7⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        6⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        6⤵
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26449.exe
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        6⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        6⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5194.exe
        5⤵
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        5⤵
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
      4⤵
      PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
      4⤵
      PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
      4⤵
      PID:4184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17924.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
        6⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7223.exe
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        7⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
        6⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
        5⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46881.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
        6⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46018.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        5⤵
        
        PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39521.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
        5⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
        6⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
        6⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        5⤵
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        5⤵
        
        PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
      4⤵
      PID:300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23446.exe
        5⤵
        
        PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
        5⤵
        
        PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
      4⤵
      PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
      4⤵
      PID:5456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46559.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30934.exe
        6⤵
        
        PID:3804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        6⤵
        Program crash
        
        PID:3692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
        5⤵
        Program crash
        
        PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55422.exe
      4⤵
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
        5⤵
        
        PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3999.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
      4⤵
      PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
      4⤵
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14924.exe
        5⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32476.exe
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
        5⤵
        
        PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
      4⤵
      PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
      4⤵
      PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
      4⤵
      PID:1492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41762.exe
    3⤵
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
      4⤵
      PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
      4⤵
      PID:5496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
    3⤵
    PID:3308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
    3⤵
    PID:4548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
    3⤵
    PID:1536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14062.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14062.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59283.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59283.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3580.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46891.exe
        7⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        7⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        6⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60059.exe
        6⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3170.exe
        6⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        7⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
        7⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
        6⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59370.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56341.exe
        6⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        6⤵
        
        PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
        5⤵
        
        PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59331.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21309.exe
        5⤵
        
        PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46559.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        6⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        7⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 216
        7⤵
        Program crash
        
        PID:3688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 236
        6⤵
        Program crash
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50103.exe
        5⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
        6⤵
        Program crash
        
        PID:3168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 220
        5⤵
        Program crash
        
        PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38291.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        5⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        6⤵
        
        PID:3708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        6⤵
        Program crash
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        5⤵
        
        PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
      4⤵
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8427.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        5⤵
        
        PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe
      4⤵
      PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
      4⤵
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
      4⤵
      PID:4624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        6⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2537.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
        8⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63585.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        7⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4467.exe
        6⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43926.exe
        7⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
        6⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        6⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17922.exe
        5⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
        5⤵
        
        PID:924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4327.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        5⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16269.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        6⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
        5⤵
        
        PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
        5⤵
        
        PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47118.exe
      4⤵
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29185.exe
        5⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        5⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        5⤵
        
        PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18421.exe
      4⤵
      PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
      4⤵
      PID:2832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        5⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56284.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7065.exe
        6⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        5⤵
        
        PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe
      4⤵
      PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
      4⤵
      PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25393.exe
      4⤵
      PID:5720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60492.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9278.exe
        5⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
        5⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25540.exe
        5⤵
        
        PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
      4⤵
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
      4⤵
      PID:4492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20353.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20387.exe
      4⤵
      PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
      4⤵
      PID:5576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12702.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12702.exe
    3⤵
    PID:1792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
    3⤵
    PID:6008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1496
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 188
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59771.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        5⤵
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
      4⤵
      PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32392.exe
      4⤵
      PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
      4⤵
      PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
      4⤵
      PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
      4⤵
      PID:6004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
    3⤵
    PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
    3⤵
    PID:3552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
    3⤵
    PID:4788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe
    3⤵
    PID:5944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19299.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19299.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20161.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
      4⤵
      PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
      4⤵
      PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
      4⤵
      PID:5260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
    3⤵
    PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
      4⤵
      PID:5012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
    3⤵
    PID:2860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
    3⤵
    PID:4760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
    3⤵
    PID:936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31915.exe
      4⤵
      PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61720.exe
      4⤵
      PID:4952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
    3⤵
    PID:3616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
    3⤵
    PID:4332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41205.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41205.exe
  2⤵
  PID:2768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe
  2⤵
  PID:3948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
  2⤵
  PID:5704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21432.exe

Filesize
468KB

MD5
829156998a190395fa5410c9aef00257

SHA1
08c2311e4c2f3f528f92c6815ab54bc490a70087

SHA256
035b7f724748afca675d513b10eec77ac1d697b2add336fdcef3997f7fea684d

SHA512
4150c37f7cf6ff91f3cee69fd1f679db1b588883098dae16fba09475980de2b61eb9a4db3db924c5df5e9fa371dc8f8b942048fbd1e51514502914cd5806a9ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe

Filesize
468KB

MD5
a3e554fb0fe8f0f45d84ecd4ce657be0

SHA1
4a0d7f0f8e3f3925921364bcb5abd6307d13c56f

SHA256
3acdfe85e286fe46d19eaaa2eccac8a4f00c8ee1edf3f4771a7c429a5156cf00

SHA512
287fe9c50d0558773e844bbab10d264978bf79ae8da19c7736624988f286af181f7f29ec472dd52928f2843bef8404135a8fcf87410687b9b7027a4880f0c841

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe

Filesize
468KB

MD5
bbaa24c658317623734d2c06f704ed09

SHA1
175d5e44d22501dee8ad9595641877e38d46495f

SHA256
d74ad6b220498b7b8dd0e253f31eb732b3a2327f4f5a512b7f0cb87fc5315ffc

SHA512
3d5fba20d1b4c41c46c48d176e8423c69589120926fab9f6ac8a9a8f9254cfd81d35bc68b5550dca236301b2e8e235e7b4489fabadf4844b0c8f9174184ae307

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe

Filesize
468KB

MD5
9dbaeae5f506728b106a216001e2dfe1

SHA1
5dc1e286d2007acee7aadb841f573eb35f99ff8c

SHA256
f5440b23e09fa44c0f6458965ae1cf5b2cbcc36fc53f31a5c5505549f69e3dda

SHA512
ef6805d4e2ab4caf73ff7c3f0e0b22c75f7ee048db44e81946be308e1d35371e9d51bea8cc1b7f5f3d354a2514c46a9daa242ab9fba55b6d133091046227427b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe

Filesize
468KB

MD5
0d3b372f29b999eece1f2955cff9bfe1

SHA1
fcee823a2cff92f40fa40aa2e9b776916606aa0e

SHA256
434ad24633e369bdce4f5b2d4d2a04c75e88de3a0af4779a11576d78991c5238

SHA512
6d9d74c191acf161ed72ce97aeb1f9a26cdfc7176b00076ef41cf1b3cc147aa729635f85e245254650b7267b74cafb51391c451bec9d78acb85c84a9b38a7b95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe

Filesize
468KB

MD5
89f0aba5a8cb3da6994e3a2e522e8e82

SHA1
8c60847b5046a5a337228caa78476516de8bb8bb

SHA256
07a1c7f6e905e71e7d085da6d2e67cf31cc7e5e3f4e745aa42ce2ce426f43e83

SHA512
f32461243eef299f4b84a32d262a183e0a3ef4450aeb23703dfdf9b48befc466025adc1cb0779d36d15433a66e8ecf8305b5126c47a7b9270fd5a88e65a0d033

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe

Filesize
468KB

MD5
a6a54033b2becb4b38a11e9286d514b4

SHA1
dc82222c4d78cf851bb38fcea0866188d39e6095

SHA256
b0f20197cd82370ae42804310c8f8b78d60cfa720158f014c3877d04739aa9a2

SHA512
017c0dc6c6e831864e0a874dfc8a6df36725428c033ae6c638eaec5afcdcfed642ed1602ad00dc8a9939d8f54ecffea9ad653c40264dac9992240af5315169ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe

Filesize
468KB

MD5
23ad986822d0337513d1c9f927dd1bcd

SHA1
b5b5bee434ea478d288c8ed64def8eddacada3b3

SHA256
e8b168d34a9a7c50009267942b87855af2ae0683522738db13e7a2d591543194

SHA512
a1ca5ed14b9b01729ecfcb01e4dde40e8c9a464faf368aa9b9e5d714a09c1f34cfc9b8e75ef1d497641b629a9e04a06e48f0dea810b6e00caea5e0e0aab759fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14062.exe

Filesize
468KB

MD5
5e8df3a66c8a6cf33d464caac4588ef8

SHA1
ee5fa8b087fd4e5c473214397212378f14ef0057

SHA256
06e1466cd49bd6c657afcdaeb98e479069737770df44e90ea5732800cdf1955c

SHA512
9d20961c9fc05a08bfd4740e3e70c1df48355f7f5d1649d48697d2c0b2a9e8c80e318349ea38f8e8310106e8abaa5d7a09ea34bea834586cebe114ed00e61b9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1758.exe

Filesize
468KB

MD5
9c41df89f11e2ec7bb26439248d20551

SHA1
4fdb84c319d51b94135d834294bbd672c574d004

SHA256
25a8891805c35973c1971d17b40246461640db79ade7088300e43d52e0d890f9

SHA512
3a31ef15f88fa67cc9478efddee0b9c4ee4fc98eac87c801ee2568bad506fd9e225bfe1129618f2a1f13f02e4c9bbfc80302c8cd71f61d94a5082e407ac3d0c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe

Filesize
468KB

MD5
b69d5cdd4b1eb67da9054861ef271b88

SHA1
26609ccebef99d115927ba51214c76c3b3de92f8

SHA256
bfc2e506890e6703af91c8cee6b947d127ba9ce022e539bfb1de1bb4ba2a45f3

SHA512
0349c22c3bd9415992d05fae3c9147ac617eb7c014b060b7a36e4b1da95902341ab1cd2a8d34f23b61582c3f9797bb285da7e75b3d05dc20cf487efa54b45c08

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe

Filesize
468KB

MD5
6aba3418fccc094c4b69de5e9efee0cf

SHA1
b0217eaf5d2e52c432e0e4f3c87486ab86469560

SHA256
2b2d9460144a1d25edf8594852f4e669a4935cc52f571e44813372150652fde1

SHA512
84fb70c6eb7162a89b8f3a4cd46d05d068f262d968a664d4295aeadc8c95ed02cd25146146a08a9366d5befdb1449eb00ed73e986ca733305d3ee93cb1469f58

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe

Filesize
468KB

MD5
c8f4a601abc1d6eef1784e6568380e79

SHA1
e04deace03fb8d328349b8c3df2970720f4cd2f1

SHA256
a5f5f3c8b57a6c619be719131980c3318a7739b2dc8bde4995bd291596843ba6

SHA512
d7de428f998dd4c5555001be08bfcca0b95695fd932fadc618ac1629ff2e027874cccffaa70f2656d55236d07a9e34f38749170e8592103bcd7b07864aea2fce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe

Filesize
468KB

MD5
17054bade74dddf5b700b45532bd055d

SHA1
bab40622c5cc72f7a7f5c716f052c93b7c5eb06d

SHA256
af263fc77af2589c467866bec558704a7c12fa6959a3aba0bd0cd84a11abe32a

SHA512
8f326bcc738912ceabca4eb1b80289814cfd2f7a60365d343d0452fc0ac6aeb1c8685b9a72a404f30bd844dd6fc316ff3d9add0bce1fabe8b5f351529da67b8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47415.exe

Filesize
468KB

MD5
59ee687651c9485e6d213765473d55d0

SHA1
d23d6bb89f4ac9f05ef872c2a45f3e939f89e848

SHA256
96913b16fb7b1984dc2b8b6b05caf91dad2af484eeabcc6f79b0314c601077cc

SHA512
703f70e61d15f8decff9beed5f20c1fe2eb27a7d4e3165b21c37f5e2bc504a836eaa0b272246fb843f702723f2d3d613ce380861073e97dfc8339b5f9ef1fd92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe

Filesize
468KB

MD5
4d629f61f5fef80f3479f3053a17c563

SHA1
b97bb3c78679626ea70a9f1b3ba2ee4ae32671a1

SHA256
a5ea67aaed58cc7f896c03011a85d6f5bc7940d0b0c38de63c6325535fad1038

SHA512
1c64c292af3d7710aebc61adb0b42b0d69cbc65e28c14c04cca82ed7a16a24af36dbf5f712494e641851daaacda09a8626a5c63bf935b6827ee59d33db604fa8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe

Filesize
468KB

MD5
1b0f9abb2fd9165bdebdf6840a6645c7

SHA1
6b852f3b2fb683e7a557fadefc9eb7b507264ea8

SHA256
7f9228c7905ec0f74cb7dc68e87a11b56c1f403a2d82836a347aab14eeeb7c29

SHA512
a71a3e91469010bfdeef1dd7f3bdf3619aedcaaf28294d1a52b5057e148710c5de5a087eb9af7ab9f65816f50547cc5f65edaa4bce42146b042fcd151f89f85d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe

Filesize
468KB

MD5
b8d9653cff59f6250243f0639a68196d

SHA1
b0265717d40bfbf7959113792b2a97d957e9dc70

SHA256
0640afdbf6185818b9e5e80e3ac185b09fc4d1da4c32bff1f3e946b3d9c47f88

SHA512
fbd1130c142d6b78cfb42367305aee4c26ff98284e67ef7e745692a78c93ca6e902558355dd66dbdf40ee4826136d7cda5e50627d675574b0662240df876f3b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe

Filesize
468KB

MD5
5fa42196f1fff204bef5a1468f5c3773

SHA1
8c87573e0d5d0ce6d08b0a81a54622d1b4329e5e

SHA256
1fbc76e1cb16e7208c4be6eb1d2aa0cbb98a304b3287129225493abe2e5b7016

SHA512
6d3f76848b84695c51d3e5c730c5eb079959d0c5618531d1927a16e8d036b03943d685a7ba06a7b984d9d0340b4b68fa5f1e0926ed482ba115ce4236bf7f6942

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe

Filesize
468KB

MD5
ef0565d344400a36ffb1c99ca0a18abc

SHA1
7a6a6b288ee70a6d9a5d0f9ced91abed1d210119

SHA256
6f2b5064288f4f7d30b581c0ff7b41d6920212d1b5634b8c9cac2ca99d7d5f73

SHA512
6714d3a25692854ef875ef035afd78080646441ff81a489430b441c4dc2267fd882eb48751650014a4b45386a944fa560822aca2712d7b0f99c1f6bce66de23a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59283.exe

Filesize
468KB

MD5
e6657d313379080ae4768e609f8841a2

SHA1
3722f0097187b0108d985dbb53ecc2bf7734fe84

SHA256
021dd2a4aa1547a89dbbecfae14814d6077a0eee104a237b52e6f94baafe6f03

SHA512
e9201b0eb28a176ad3cc8318e0da93b11a59a4e006b68d22da7fcad516648fe43c98a7f91a90be75f84068c84d0a91a5e91849eecd64dc2a126b30c0f3b154c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe

Filesize
468KB

MD5
45fca7262ae7826046aa7525312fba9b

SHA1
b15987f1aff06cfc5e0527128f23dcb07893809e

SHA256
59c014f45d12e6ff51cfd8757e56be9af55deea3d81f94eae62266a6ab7a27c2

SHA512
9ae94a19fc4c9a5a91cdebaba490352f634613426ce99041870048329245626d8e936bb05660aa9601e723b7a7e05c4913b6ee6c1d9baa6dd31b5123f60244e2

Download Submit