774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe
Size

468KB
MD5

84e56a2dafe80a54ebe800ceec3ef4bc
SHA1

652ba1bf3f016a31c02fcb540f48963b3d4fcc0f
SHA256

774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d
SHA512

011c923d2974ceb10a79052ceeab7a6abecb86606066d286913677963548ae4a271deecb4d740d181d5f615ec7cf14e118cc86e83b1102d295382118a794a9bc
SSDEEP

3072:L3eSogpKr05USbY/H5fOcf83xCh3P3pIWLHePVPf5xoQSZZg/DlT2:L3/oZ8USwHpOcfBZcZ5x1CZg/c

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1972	Unicorn-44139.exe
2324	Unicorn-174.exe
2864	Unicorn-62182.exe
2848	Unicorn-28846.exe
2796	Unicorn-59572.exe
2820	Unicorn-48643.exe
2904	Unicorn-31651.exe
2572	Unicorn-17253.exe
2544	Unicorn-47979.exe
2224	Unicorn-5555.exe
2724	Unicorn-60231.exe
2600	Unicorn-44450.exe
2716	Unicorn-33589.exe
2008	Unicorn-59966.exe
1644	Unicorn-15782.exe
2924	Unicorn-61959.exe
2192	Unicorn-58430.exe
2980	Unicorn-25011.exe
844	Unicorn-33733.exe
2160	Unicorn-22873.exe
736	Unicorn-314.exe
2424	Unicorn-59721.exe
1008	Unicorn-23427.exe
2040	Unicorn-3329.exe
1320	Unicorn-7148.exe
624	Unicorn-42224.exe
1540	Unicorn-50392.exe
1536	Unicorn-17205.exe
2228	Unicorn-56514.exe
1492	Unicorn-36002.exe
3044	Unicorn-1197.exe
868	Unicorn-35364.exe
784	Unicorn-23011.exe
772	Unicorn-10667.exe
2288	Unicorn-22920.exe
2720	Unicorn-41294.exe
1952	Unicorn-44663.exe
2868	Unicorn-27580.exe
1992	Unicorn-62945.exe
3000	Unicorn-17274.exe
2696	Unicorn-13744.exe
1032	Unicorn-41778.exe
2728	Unicorn-38248.exe
2528	Unicorn-35291.exe
2652	Unicorn-8913.exe
2524	Unicorn-8913.exe
832	Unicorn-55976.exe
2760	Unicorn-60828.exe
2604	Unicorn-34186.exe
1592	Unicorn-14320.exe
2748	Unicorn-30656.exe
2768	Unicorn-52560.exe
1768	Unicorn-53645.exe
1392	Unicorn-48119.exe
2384	Unicorn-56552.exe
2888	Unicorn-8420.exe
3056	Unicorn-1436.exe
1096	Unicorn-56038.exe
380	Unicorn-49816.exe
1072	Unicorn-4144.exe
2164	Unicorn-2098.exe
1716	Unicorn-31363.exe
1892	Unicorn-44170.exe
2056	Unicorn-64035.exe

Loads dropped DLL 64 IoCs

pid	Process
2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe
2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe
1972	Unicorn-44139.exe
1972	Unicorn-44139.exe
2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe
2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe
2864	Unicorn-62182.exe
2864	Unicorn-62182.exe
1972	Unicorn-44139.exe
2324	Unicorn-174.exe
2324	Unicorn-174.exe
1972	Unicorn-44139.exe
2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe
2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe
2904	Unicorn-31651.exe
2848	Unicorn-28846.exe
2904	Unicorn-31651.exe
2864	Unicorn-62182.exe
2848	Unicorn-28846.exe
2864	Unicorn-62182.exe
2796	Unicorn-59572.exe
2796	Unicorn-59572.exe
2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe
2324	Unicorn-174.exe
2820	Unicorn-48643.exe
2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe
2820	Unicorn-48643.exe
2324	Unicorn-174.exe
1972	Unicorn-44139.exe
1972	Unicorn-44139.exe
2544	Unicorn-47979.exe
2544	Unicorn-47979.exe
2848	Unicorn-28846.exe
2848	Unicorn-28846.exe
2572	Unicorn-17253.exe
2572	Unicorn-17253.exe
2904	Unicorn-31651.exe
2904	Unicorn-31651.exe
2224	Unicorn-5555.exe
2224	Unicorn-5555.exe
2864	Unicorn-62182.exe
2864	Unicorn-62182.exe
2724	Unicorn-60231.exe
2724	Unicorn-60231.exe
2796	Unicorn-59572.exe
2796	Unicorn-59572.exe
1644	Unicorn-15782.exe
1644	Unicorn-15782.exe
1972	Unicorn-44139.exe
1972	Unicorn-44139.exe
2716	Unicorn-33589.exe
2716	Unicorn-33589.exe
2600	Unicorn-44450.exe
2600	Unicorn-44450.exe
2820	Unicorn-48643.exe
2820	Unicorn-48643.exe
2324	Unicorn-174.exe
2324	Unicorn-174.exe
2008	Unicorn-59966.exe
2008	Unicorn-59966.exe
2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe
2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe
2192	Unicorn-58430.exe
2192	Unicorn-58430.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3116	2996	WerFault.exe	107
3560	3320	WerFault.exe	282

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43990.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe
1972	Unicorn-44139.exe
2324	Unicorn-174.exe
2864	Unicorn-62182.exe
2848	Unicorn-28846.exe
2820	Unicorn-48643.exe
2796	Unicorn-59572.exe
2904	Unicorn-31651.exe
2544	Unicorn-47979.exe
2224	Unicorn-5555.exe
2572	Unicorn-17253.exe
2724	Unicorn-60231.exe
2600	Unicorn-44450.exe
2716	Unicorn-33589.exe
2008	Unicorn-59966.exe
1644	Unicorn-15782.exe
2924	Unicorn-61959.exe
2192	Unicorn-58430.exe
2980	Unicorn-25011.exe
844	Unicorn-33733.exe
2160	Unicorn-22873.exe
736	Unicorn-314.exe
2424	Unicorn-59721.exe
1008	Unicorn-23427.exe
1320	Unicorn-7148.exe
2040	Unicorn-3329.exe
624	Unicorn-42224.exe
1540	Unicorn-50392.exe
1536	Unicorn-17205.exe
2228	Unicorn-56514.exe
1492	Unicorn-36002.exe
3044	Unicorn-1197.exe
868	Unicorn-35364.exe
784	Unicorn-23011.exe
2288	Unicorn-22920.exe
772	Unicorn-10667.exe
2720	Unicorn-41294.exe
1952	Unicorn-44663.exe
2868	Unicorn-27580.exe
1992	Unicorn-62945.exe
3000	Unicorn-17274.exe
2696	Unicorn-13744.exe
1032	Unicorn-41778.exe
2728	Unicorn-38248.exe
2528	Unicorn-35291.exe
2524	Unicorn-8913.exe
2652	Unicorn-8913.exe
832	Unicorn-55976.exe
2760	Unicorn-60828.exe
2604	Unicorn-34186.exe
2748	Unicorn-30656.exe
1592	Unicorn-14320.exe
2768	Unicorn-52560.exe
1768	Unicorn-53645.exe
1392	Unicorn-48119.exe
2384	Unicorn-56552.exe
2888	Unicorn-8420.exe
1096	Unicorn-56038.exe
3056	Unicorn-1436.exe
1072	Unicorn-4144.exe
2164	Unicorn-2098.exe
380	Unicorn-49816.exe
1892	Unicorn-44170.exe
1716	Unicorn-31363.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 1972	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	31
PID 2412 wrote to memory of 1972	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	31
PID 2412 wrote to memory of 1972	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	31
PID 2412 wrote to memory of 1972	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	31
PID 1972 wrote to memory of 2324	1972	Unicorn-44139.exe	32
PID 1972 wrote to memory of 2324	1972	Unicorn-44139.exe	32
PID 1972 wrote to memory of 2324	1972	Unicorn-44139.exe	32
PID 1972 wrote to memory of 2324	1972	Unicorn-44139.exe	32
PID 2412 wrote to memory of 2864	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	33
PID 2412 wrote to memory of 2864	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	33
PID 2412 wrote to memory of 2864	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	33
PID 2412 wrote to memory of 2864	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	33
PID 2864 wrote to memory of 2848	2864	Unicorn-62182.exe	34
PID 2864 wrote to memory of 2848	2864	Unicorn-62182.exe	34
PID 2864 wrote to memory of 2848	2864	Unicorn-62182.exe	34
PID 2864 wrote to memory of 2848	2864	Unicorn-62182.exe	34
PID 2324 wrote to memory of 2796	2324	Unicorn-174.exe	36
PID 2324 wrote to memory of 2796	2324	Unicorn-174.exe	36
PID 2324 wrote to memory of 2796	2324	Unicorn-174.exe	36
PID 2324 wrote to memory of 2796	2324	Unicorn-174.exe	36
PID 1972 wrote to memory of 2820	1972	Unicorn-44139.exe	35
PID 1972 wrote to memory of 2820	1972	Unicorn-44139.exe	35
PID 1972 wrote to memory of 2820	1972	Unicorn-44139.exe	35
PID 1972 wrote to memory of 2820	1972	Unicorn-44139.exe	35
PID 2412 wrote to memory of 2904	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	37
PID 2412 wrote to memory of 2904	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	37
PID 2412 wrote to memory of 2904	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	37
PID 2412 wrote to memory of 2904	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	37
PID 2904 wrote to memory of 2572	2904	Unicorn-31651.exe	39
PID 2904 wrote to memory of 2572	2904	Unicorn-31651.exe	39
PID 2904 wrote to memory of 2572	2904	Unicorn-31651.exe	39
PID 2904 wrote to memory of 2572	2904	Unicorn-31651.exe	39
PID 2848 wrote to memory of 2544	2848	Unicorn-28846.exe	38
PID 2848 wrote to memory of 2544	2848	Unicorn-28846.exe	38
PID 2848 wrote to memory of 2544	2848	Unicorn-28846.exe	38
PID 2848 wrote to memory of 2544	2848	Unicorn-28846.exe	38
PID 2864 wrote to memory of 2224	2864	Unicorn-62182.exe	40
PID 2864 wrote to memory of 2224	2864	Unicorn-62182.exe	40
PID 2864 wrote to memory of 2224	2864	Unicorn-62182.exe	40
PID 2864 wrote to memory of 2224	2864	Unicorn-62182.exe	40
PID 2796 wrote to memory of 2724	2796	Unicorn-59572.exe	41
PID 2796 wrote to memory of 2724	2796	Unicorn-59572.exe	41
PID 2796 wrote to memory of 2724	2796	Unicorn-59572.exe	41
PID 2796 wrote to memory of 2724	2796	Unicorn-59572.exe	41
PID 2820 wrote to memory of 2716	2820	Unicorn-48643.exe	44
PID 2820 wrote to memory of 2716	2820	Unicorn-48643.exe	44
PID 2820 wrote to memory of 2716	2820	Unicorn-48643.exe	44
PID 2820 wrote to memory of 2716	2820	Unicorn-48643.exe	44
PID 2412 wrote to memory of 2008	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	42
PID 2412 wrote to memory of 2008	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	42
PID 2412 wrote to memory of 2008	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	42
PID 2412 wrote to memory of 2008	2412	774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe	42
PID 2324 wrote to memory of 2600	2324	Unicorn-174.exe	43
PID 2324 wrote to memory of 2600	2324	Unicorn-174.exe	43
PID 2324 wrote to memory of 2600	2324	Unicorn-174.exe	43
PID 2324 wrote to memory of 2600	2324	Unicorn-174.exe	43
PID 1972 wrote to memory of 1644	1972	Unicorn-44139.exe	45
PID 1972 wrote to memory of 1644	1972	Unicorn-44139.exe	45
PID 1972 wrote to memory of 1644	1972	Unicorn-44139.exe	45
PID 1972 wrote to memory of 1644	1972	Unicorn-44139.exe	45
PID 2544 wrote to memory of 2924	2544	Unicorn-47979.exe	46
PID 2544 wrote to memory of 2924	2544	Unicorn-47979.exe	46
PID 2544 wrote to memory of 2924	2544	Unicorn-47979.exe	46
PID 2544 wrote to memory of 2924	2544	Unicorn-47979.exe	46

C:\Users\Admin\AppData\Local\Temp\774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe
"C:\Users\Admin\AppData\Local\Temp\774b80d23761ae6446325ac07727994b8a2d7e95107d42761a597941a01f658d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41778.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        8⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33619.exe
        7⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        7⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        7⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        7⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        7⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        7⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
        6⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7957.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        7⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
        6⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        6⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30036.exe
        6⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1954.exe
        6⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10972.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
        6⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
        6⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        5⤵
        
        PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50392.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        7⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42363.exe
        6⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        6⤵
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13744.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        6⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
        7⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 188
        8⤵
        Program crash
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        7⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
        7⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
        6⤵
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        6⤵
        
        PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
        6⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        5⤵
        
        PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        5⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40469.exe
        5⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26187.exe
        5⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
        5⤵
        
        PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35291.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
        5⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
        6⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        5⤵
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        5⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
        5⤵
        
        PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
      4⤵
      PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24511.exe
        5⤵
        
        PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31631.exe
      4⤵
      PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33144.exe
      4⤵
      PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28520.exe
      4⤵
      PID:5760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        8⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
        8⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe
        7⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17008.exe
        6⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        7⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        7⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
        6⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11265.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49816.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        6⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33531.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50744.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
        6⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22959.exe
        5⤵
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        5⤵
        
        PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17205.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4860.exe
        6⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
        6⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        5⤵
        
        PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        5⤵
        
        PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        5⤵
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
        5⤵
        
        PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58591.exe
      4⤵
      PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48167.exe
      4⤵
      PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13554.exe
      4⤵
      PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
      4⤵
      PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24320.exe
      4⤵
      PID:5776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15782.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
        6⤵
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        6⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        6⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13931.exe
        5⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        5⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50744.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        5⤵
        
        PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
      4⤵
      PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
      4⤵
      PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41421.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
      4⤵
      PID:5548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7813.exe
        5⤵
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
        5⤵
        
        PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-723.exe
      4⤵
      PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
      4⤵
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64940.exe
      4⤵
      PID:5364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1436.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
      4⤵
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        5⤵
        
        PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
      4⤵
      PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
      4⤵
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
      4⤵
      PID:6136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
      4⤵
      PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
      4⤵
      PID:352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
      4⤵
      PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
      4⤵
      PID:5440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
    3⤵
    PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
    3⤵
    PID:3736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65049.exe
    3⤵
    PID:3096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
    3⤵
    PID:4384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64610.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        8⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        7⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        7⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
        6⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
        7⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31501.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
        6⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
        6⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44663.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
        6⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        7⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        7⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        6⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50744.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26729.exe
        6⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        6⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46790.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-99.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-99.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
        5⤵
        
        PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31363.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-963.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        7⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        7⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28595.exe
        7⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        6⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        6⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
        6⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        6⤵
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39557.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25515.exe
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
        5⤵
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19216.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23011.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        5⤵
        Executes dropped EXE
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10693.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41175.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
        6⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        5⤵
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        5⤵
        
        PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61492.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
      4⤵
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        5⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49163.exe
        6⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        6⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        5⤵
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37035.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
      4⤵
      PID:984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
      4⤵
      PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
      4⤵
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51115.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
      4⤵
      PID:5252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
        6⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50744.exe
        6⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        6⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33152.exe
        5⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        6⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        5⤵
        
        PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        5⤵
        
        PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
        5⤵
        
        PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        5⤵
        
        PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12928.exe
      4⤵
      PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
      4⤵
      PID:4360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
        5⤵
        
        PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
      4⤵
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
      4⤵
      PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe
      4⤵
      PID:5488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48119.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
      4⤵
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        5⤵
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62421.exe
      4⤵
      PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
      4⤵
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
      4⤵
      PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
      4⤵
      PID:5132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
    3⤵
    PID:1336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3112.exe
      4⤵
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
      4⤵
      PID:4344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36400.exe
    3⤵
    PID:2460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
    3⤵
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
    3⤵
    PID:4596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31651.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31651.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        6⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2229.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        7⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
        7⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
        6⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        6⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41155.exe
        6⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        5⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        6⤵
        
        PID:3336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        6⤵
        Program crash
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1875.exe
        5⤵
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35020.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        5⤵
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
        5⤵
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
        5⤵
        
        PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52726.exe
      4⤵
      PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56832.exe
      4⤵
      PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47944.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
      4⤵
      PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
      4⤵
      PID:5244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
        5⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        6⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        6⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        6⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5031.exe
        5⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
        5⤵
        
        PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63220.exe
      4⤵
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
        5⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37352.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        5⤵
        
        PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
      4⤵
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35046.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
      4⤵
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49038.exe
        5⤵
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
        5⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        5⤵
        
        PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
      4⤵
      PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9312.exe
      4⤵
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
      4⤵
      PID:4260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
    3⤵
    PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
      4⤵
      PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
      4⤵
      PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
      4⤵
      PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
    3⤵
    PID:1760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
    3⤵
    PID:5236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36002.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22759.exe
        5⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60247.exe
        5⤵
        
        PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44502.exe
      4⤵
      PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
      4⤵
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
      4⤵
      PID:5088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
      4⤵
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6853.exe
        5⤵
        
        PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21798.exe
      4⤵
      PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
      4⤵
      PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
      4⤵
      PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
      4⤵
      PID:5048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46805.exe
    3⤵
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
      4⤵
      PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
      4⤵
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
      4⤵
      PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61601.exe
    3⤵
    PID:2452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
    3⤵
    PID:4008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
    3⤵
    PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34186.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
      4⤵
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
      4⤵
      PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
      4⤵
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37227.exe
      4⤵
      PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
      4⤵
      PID:1364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
    3⤵
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
      4⤵
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
      4⤵
      PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
      4⤵
      PID:5308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20925.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35020.exe
    3⤵
    PID:3268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
    3⤵
    PID:4220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe
    3⤵
    PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65504.exe
      4⤵
      PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
      4⤵
      PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
    3⤵
    PID:1488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
    3⤵
    PID:3940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
    3⤵
    PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
  2⤵
  PID:2568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
    3⤵
    PID:6096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15106.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15106.exe
  2⤵
  PID:3100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
  2⤵
  PID:3260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
  2⤵
  PID:4412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
  2⤵
  PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe

Filesize
468KB

MD5
f0f385109ebc316cb6e64fbf244ccde2

SHA1
2dffbacfd6086dcf80eaf3559cc569afab457350

SHA256
ee0df87e01101645306ea4c804debbb33622b8b7bb0038813449d13c65a54534

SHA512
a23af46ad011ccbcd03a589302e8abb7e92211e0b72796a1846cadfc3981d6e89f910b46032ed4a76d5511ee79ab0ad312dc8ef7351bf356432e20c40c112f2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe

Filesize
468KB

MD5
36ddc6d2ec2fac6fbaed0c1c38451cc0

SHA1
a62fdc17d19a829b579d14bb0b797ff11f0efbb5

SHA256
bf90692ff5f15e9b986aaf1791de6b11758956bf734ec696cee3f52b8e758c82

SHA512
abc05c1911995877b4a839a0405fa4c133df9cca99b45173ce0b446476ed2010156f10b1849a74013e0c1a5393d58767e3fad4485ed08076a9f70e920b0bbd84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe

Filesize
468KB

MD5
c9eb31a69c9944aa69d545f5288cb30b

SHA1
66b8c6ebb03ca5035135df3acf2a5926793e57f3

SHA256
25363fb4bc26e724816390ec6bfe34baf398f15d9b5ef287622bbec997112485

SHA512
5b845dae26fb980f7dcfc7a5fc99c6742a52861d824de4dfd002fdf61bdfe8f2cf92d57ca901a19a2f497ff75f885193c48a86a1a50e6c27bea2c746cbfc2270

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9312.exe

Filesize
468KB

MD5
a3253c4a74228c35bbcba951006166a1

SHA1
f007b82acf3dad5b0bddc312998216e34433797b

SHA256
56d4024a2f655cba37050c19761a3ab9c882938820fa57f0d6ee9483ca9030df

SHA512
602d3b725a2b89dc4c1b5fe248dfa1fbf55bddd92b168b491c180a49851a3cf37bfc5335fd7d6d065bd6951d05127804ae10bda0ff28257e432cd0b932c6bc12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15782.exe

Filesize
468KB

MD5
807f94391f81388cb55e707abab3f879

SHA1
8c3db1bc8c03126b49c56a0dff4144c3f5d5ca0d

SHA256
166c9ce8f23e1def6ec4ec55eac9fedf14fa72d84343f182fbc6278c8f8f7674

SHA512
60b0f8a6b0e1e12ea9831627fb9edb205ee94d0898565bb5156e0d06dec0146ccc418f98881343aa6c118582fd89b622e627b2a14bf7fe823afef24d5041e1ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe

Filesize
468KB

MD5
9c400780ae1ec74dde39e2aebe36f80d

SHA1
b8e531f5dcdfe6f32d992e65c1d385f0367cffed

SHA256
8098a9b32f59e9fb1457b9de1ca4b803b9a89f93fdc014a6f696dee29db9c166

SHA512
1ee375028979415c673a935b5d5c223eb68f46f02f2cbe5eec6f1757dd7c17f939b53c578a8044a4ab536d85740fa3263839fe66300d83e95f2b37b7508eeb07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe

Filesize
468KB

MD5
cbe2e648ab25e89044cf6fa30c1821bf

SHA1
67908d42422699d8c9485bf55918642fa470dc8d

SHA256
d3c4863c14477a7af7000e70097c8a052cd48e34561c1616850cc3005fb4015d

SHA512
f59e6cce5abaea911cf418614bdb1cfdeb6f49efceabbb7f7bb2ad3a34978409e7a7589bbbb8f3c35ee858f2140342a59083150378234d8630bc8f8a0672b5c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe

Filesize
468KB

MD5
42360c62c99f8838e5c561ba87d7d6af

SHA1
36a8d495bd46cdb3be2b90396f3f59750e771576

SHA256
8e42a5f31e523b80a76ab86eb5c492e454834eeb68b8815d41637bf7c9d343c4

SHA512
f2aab168a73395bf44740ef6effc3dc3f970cafa052cf46eaa9f00e8b1b8f82a4f6a57f1b908ef8bb14b1e1f189615c2b6d047bb033a8b587aca91d7ecd82688

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31651.exe

Filesize
468KB

MD5
1f87b71a36b3fc37216cc8a413bced0a

SHA1
2817d78a84ba6a1721d06e60fbe9d066ba0080e6

SHA256
41ebf194638798ea14064493a5155bf655840e4e0502689f0570b89a3438ab38

SHA512
f0d9c7939cf1d7d68f770fc06d84536067aa22d11f8b17d3d8ac0f128107a5654aeaeae4b2c37a146bec1aa6691b47b9259ab46fb86ddd289be155c45ccc1b37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe

Filesize
468KB

MD5
a351877023b31a103489a9d7b85ddba6

SHA1
7073b9e40307dcc854884e73b1e70641bc599d6c

SHA256
4ad76b6c195436d038ee6568ea247ec7fa61353baaa6406203f485dc767f3a50

SHA512
ee75be57a47e51756ee384afc4b44a05142762727f48f0520bd3c1c2af27e570434615d98912b47a5df2e8cb1f651a10396774caa70510c50113774f15a2febf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe

Filesize
468KB

MD5
3c32c31c3fb9041806286bbd97c85666

SHA1
dd46f58aabd2ef9f158246df37298376de74aaeb

SHA256
fe77b74340ba0b41de52adafa012a4228e86b8617972f2489289d389df06bdd6

SHA512
4968d2f4803475cc18e64006bcf71000db0d2c4404030b6e26f986c5bf76c7bea6a4e35a8d51d6af1eee8adb570ee82bdb63d327b2a155c16a018c51cd2e21d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe

Filesize
468KB

MD5
79f9aae2416148307e7763654e1e234b

SHA1
fba2dfc5c6988b9eef1c0199df247c62361de4bd

SHA256
1453293cf07735cfc32412c8c62fc0359be18728463fff25dcbf46c95b3160be

SHA512
a7ac72f6bcfd14b506778d7ec4804529659bc05cc2c262184a843271b3af43e8d2882200008c33546466c9d50ec8142b8781ccb0cbaf4ded068a00e082bf6cc7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe

Filesize
468KB

MD5
000a7deabada06607b3b9fc76e817814

SHA1
24b9f4d83e284d9d19e7c57f322682a4932e7e42

SHA256
60e6450df3e375d5a203cacf2e52a384e38c041f910b93a64cb4364388e23efb

SHA512
ab675467ffc2cb0466ff47303606f3c4f8520368bb0c778d7fbc8a8f74c4b45f0193555964a1abad2c3543936566039e01617b3e1ca9de2c51556702d38402ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe

Filesize
468KB

MD5
3243879d813d5c1645447d9e9ef7459c

SHA1
8fcd915da039d4cdb8fe32c00ae1218801ed55ad

SHA256
472b955701504a4c4db8f84071c2779de3a6652a46a352257caf1a1e76be9fa0

SHA512
86581a3b41412b59f88d8377b09be2ce549056432976de07724553c8f74a39805267ddc55e54f15065a63d13eb73f43c0ab952992e73674564421e8c26c3375c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe

Filesize
468KB

MD5
57d962fa00a32749ea2ed00b97c81f0b

SHA1
7ac1c5d34a77301cf32d056bd704b0fa9912aaee

SHA256
8ed2bad25d4c8205f2db3f9203cf61418148de67f89143fe33ed91dc59237e65

SHA512
6ae5e26910e4143d5afe8e399eda648f0c275bacc776c264604f88f316362a86c94e0ab51d03fbf36c517b38eaab64dbd4a6ff7cdc4fef6b0c9f32b2c55fe6e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe

Filesize
468KB

MD5
cc0bbd6a97dee24d71d65692116b420a

SHA1
8507b8229a0ecaa64ba90a2df70fd06d582b4805

SHA256
de60349e3fcfdcf6fcf040d7c18ac9cc75831521d100ef4a40c409ee53d22892

SHA512
ca2e7587a1cfbce2c4143d7b00baf221945330439fc8b555bd27e1ca32f20b8c89ec887b0831e21f94eff9a058efcd21c54b12c211cb8c57754ed866e78ef850

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe

Filesize
468KB

MD5
261d6a875480efc74d0331339bc118d3

SHA1
bc964b91e5bfa0961451fa8bba0cadb70bdeca16

SHA256
7b5fb81e05937a134a42eda098c2dd3eaa5775670111c4d1667e26ad176058ea

SHA512
4cfe5fb2b7f31b580e45cd74f580f60b84e19a3bb6b7c7e32584da6d49343f13235c9a624b9fd1d51fdf41303352b91374d530caac7338e022ab3f600a1eaa6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe

Filesize
468KB

MD5
5952b3798961644d7885f5e4b1a42ea8

SHA1
85f69194c84df5f8194363f11bbd71897204ef58

SHA256
427970db55bedb9335d94c430f274061609ee5a1507c6db69e0bee993198b6dd

SHA512
2a44f90abb78aa20f0a121ba033e6c6a9b826d04a29b42419eff457ada19a08ca3432f11d18e50af98cf52b92b5d9f97a8364173f39a4d17f799a4a78b352504

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe

Filesize
468KB

MD5
97f30355ef8f8ae5604c96cb28cb9de1

SHA1
77c216a40add1ae9e7555b4a70ede8d39ffa03a5

SHA256
733e1e16c417db1e483e0cd989eb7ad6946f66b71112d44000f7912fb91c4bbc

SHA512
ea96beb2b848bccf77361955ac02d0ff8c4d18bdd3fae25aeda0f8d0702b4b3baa0c9ec99841a4f1b3dd7ff847707a4b82734b2808e8b6e55a6972930bd54a74

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe

Filesize
468KB

MD5
2ba67d6427ba6de3c31a0868aae62e33

SHA1
93464b350c6f65db4534a42ac02cf3f835d8a6e9

SHA256
10e03e44b591a077f3c218af0b71061894cef7c2d32fd3691672a4b7fbf96c8e

SHA512
28e598a283b7cfc5816831b0da12a31d69c42b54ea126fbb183ad9be140fa0e5c2acaef08abf626d835ad0c62338264dcbf8ce9334b270a68aadff166f0d2bfb

Download Submit