403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fb

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe
Size

468KB
MD5

a00701b9e7fec64be491d58f10dc3640
SHA1

792570c9534b8fb8adb2c37f0bbedf8c37c5cd9e
SHA256

403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fb
SHA512

883f53f8e5a2f5c943bb35571d72ae91e14554a81fca73d8b00060ff7c405ac700b5204f8f978950926d874ad98fbfd6b5bcf02c8c0daf0ceb233e53b0ac6462
SSDEEP

3072:sJWfo3lw803YmbYgPzcYNfT/sCh8xIpQn2HCOVQl4ivprJhNRflE:sJmodOYm7P4YNfy0Oh4iR9hNR

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2696	Unicorn-3550.exe
2752	Unicorn-19970.exe
2684	Unicorn-8272.exe
2172	Unicorn-24137.exe
2608	Unicorn-16523.exe
1336	Unicorn-41241.exe
276	Unicorn-8468.exe
2648	Unicorn-48423.exe
1096	Unicorn-31572.exe
2732	Unicorn-62621.exe
3068	Unicorn-49300.exe
1488	Unicorn-12029.exe
2888	Unicorn-45527.exe
2460	Unicorn-39662.exe
2308	Unicorn-45792.exe
2016	Unicorn-15642.exe
2244	Unicorn-51007.exe
2296	Unicorn-55112.exe
2180	Unicorn-6466.exe
1628	Unicorn-20110.exe
2508	Unicorn-47307.exe
1384	Unicorn-36446.exe
760	Unicorn-11841.exe
2104	Unicorn-17972.exe
1468	Unicorn-18704.exe
2024	Unicorn-48668.exe
288	Unicorn-60348.exe
2492	Unicorn-39124.exe
2284	Unicorn-39678.exe
1936	Unicorn-59544.exe
1728	Unicorn-26771.exe
1064	Unicorn-38247.exe
2456	Unicorn-43653.exe
1352	Unicorn-6150.exe
1056	Unicorn-59335.exe
2764	Unicorn-46991.exe
2692	Unicorn-16819.exe
2712	Unicorn-53021.exe
2392	Unicorn-28416.exe
1704	Unicorn-38631.exe
2548	Unicorn-21479.exe
2072	Unicorn-4396.exe
1212	Unicorn-312.exe
2944	Unicorn-41245.exe
1324	Unicorn-24716.exe
3016	Unicorn-39569.exe
2216	Unicorn-11002.exe
1276	Unicorn-11002.exe
2896	Unicorn-7473.exe
2796	Unicorn-15641.exe
2420	Unicorn-35507.exe
2376	Unicorn-22293.exe
2112	Unicorn-45621.exe
540	Unicorn-45621.exe
2360	Unicorn-31785.exe
1044	Unicorn-20659.exe
2332	Unicorn-29093.exe
2132	Unicorn-46197.exe
2388	Unicorn-8734.exe
1320	Unicorn-54480.exe
2268	Unicorn-49020.exe
2736	Unicorn-37079.exe
1548	Unicorn-18870.exe
2000	Unicorn-9118.exe

Loads dropped DLL 64 IoCs

pid	Process
2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe
2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe
2696	Unicorn-3550.exe
2696	Unicorn-3550.exe
2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe
2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe
2752	Unicorn-19970.exe
2752	Unicorn-19970.exe
2696	Unicorn-3550.exe
2696	Unicorn-3550.exe
2684	Unicorn-8272.exe
2684	Unicorn-8272.exe
2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe
2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe
2172	Unicorn-24137.exe
2172	Unicorn-24137.exe
2752	Unicorn-19970.exe
2752	Unicorn-19970.exe
1336	Unicorn-41241.exe
1336	Unicorn-41241.exe
2684	Unicorn-8272.exe
276	Unicorn-8468.exe
2684	Unicorn-8272.exe
276	Unicorn-8468.exe
2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe
2696	Unicorn-3550.exe
2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe
2696	Unicorn-3550.exe
2608	Unicorn-16523.exe
2608	Unicorn-16523.exe
2648	Unicorn-48423.exe
2648	Unicorn-48423.exe
2172	Unicorn-24137.exe
2172	Unicorn-24137.exe
3068	Unicorn-49300.exe
3068	Unicorn-49300.exe
276	Unicorn-8468.exe
276	Unicorn-8468.exe
2732	Unicorn-62621.exe
2732	Unicorn-62621.exe
1336	Unicorn-41241.exe
1336	Unicorn-41241.exe
1096	Unicorn-31572.exe
1096	Unicorn-31572.exe
2752	Unicorn-19970.exe
2752	Unicorn-19970.exe
2888	Unicorn-45527.exe
2460	Unicorn-39662.exe
2888	Unicorn-45527.exe
2460	Unicorn-39662.exe
2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe
2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe
2696	Unicorn-3550.exe
2696	Unicorn-3550.exe
2308	Unicorn-45792.exe
2308	Unicorn-45792.exe
2608	Unicorn-16523.exe
2608	Unicorn-16523.exe
1488	Unicorn-12029.exe
1488	Unicorn-12029.exe
2684	Unicorn-8272.exe
2684	Unicorn-8272.exe
2016	Unicorn-15642.exe
2016	Unicorn-15642.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1912	2332	WerFault.exe	86

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29729.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe
2696	Unicorn-3550.exe
2752	Unicorn-19970.exe
2684	Unicorn-8272.exe
2172	Unicorn-24137.exe
2608	Unicorn-16523.exe
1336	Unicorn-41241.exe
276	Unicorn-8468.exe
2648	Unicorn-48423.exe
3068	Unicorn-49300.exe
1096	Unicorn-31572.exe
2732	Unicorn-62621.exe
1488	Unicorn-12029.exe
2460	Unicorn-39662.exe
2888	Unicorn-45527.exe
2308	Unicorn-45792.exe
2016	Unicorn-15642.exe
2244	Unicorn-51007.exe
2296	Unicorn-55112.exe
2180	Unicorn-6466.exe
1628	Unicorn-20110.exe
2508	Unicorn-47307.exe
1384	Unicorn-36446.exe
760	Unicorn-11841.exe
2104	Unicorn-17972.exe
1468	Unicorn-18704.exe
2024	Unicorn-48668.exe
288	Unicorn-60348.exe
2492	Unicorn-39124.exe
1936	Unicorn-59544.exe
1728	Unicorn-26771.exe
1064	Unicorn-38247.exe
2456	Unicorn-43653.exe
2692	Unicorn-16819.exe
2764	Unicorn-46991.exe
1056	Unicorn-59335.exe
2712	Unicorn-53021.exe
2392	Unicorn-28416.exe
1704	Unicorn-38631.exe
2548	Unicorn-21479.exe
2072	Unicorn-4396.exe
1212	Unicorn-312.exe
2944	Unicorn-41245.exe
3016	Unicorn-39569.exe
1324	Unicorn-24716.exe
2216	Unicorn-11002.exe
1276	Unicorn-11002.exe
2896	Unicorn-7473.exe
2796	Unicorn-15641.exe
2420	Unicorn-35507.exe
2376	Unicorn-22293.exe
2112	Unicorn-45621.exe
540	Unicorn-45621.exe
1044	Unicorn-20659.exe
2360	Unicorn-31785.exe
2332	Unicorn-29093.exe
2132	Unicorn-46197.exe
1320	Unicorn-54480.exe
2388	Unicorn-8734.exe
2268	Unicorn-49020.exe
2736	Unicorn-37079.exe
1548	Unicorn-18870.exe
2000	Unicorn-9118.exe
2256	Unicorn-14593.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2696	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	30
PID 2280 wrote to memory of 2696	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	30
PID 2280 wrote to memory of 2696	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	30
PID 2280 wrote to memory of 2696	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	30
PID 2696 wrote to memory of 2752	2696	Unicorn-3550.exe	31
PID 2696 wrote to memory of 2752	2696	Unicorn-3550.exe	31
PID 2696 wrote to memory of 2752	2696	Unicorn-3550.exe	31
PID 2696 wrote to memory of 2752	2696	Unicorn-3550.exe	31
PID 2280 wrote to memory of 2684	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	32
PID 2280 wrote to memory of 2684	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	32
PID 2280 wrote to memory of 2684	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	32
PID 2280 wrote to memory of 2684	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	32
PID 2752 wrote to memory of 2172	2752	Unicorn-19970.exe	33
PID 2752 wrote to memory of 2172	2752	Unicorn-19970.exe	33
PID 2752 wrote to memory of 2172	2752	Unicorn-19970.exe	33
PID 2752 wrote to memory of 2172	2752	Unicorn-19970.exe	33
PID 2696 wrote to memory of 2608	2696	Unicorn-3550.exe	34
PID 2696 wrote to memory of 2608	2696	Unicorn-3550.exe	34
PID 2696 wrote to memory of 2608	2696	Unicorn-3550.exe	34
PID 2696 wrote to memory of 2608	2696	Unicorn-3550.exe	34
PID 2684 wrote to memory of 1336	2684	Unicorn-8272.exe	35
PID 2684 wrote to memory of 1336	2684	Unicorn-8272.exe	35
PID 2684 wrote to memory of 1336	2684	Unicorn-8272.exe	35
PID 2684 wrote to memory of 1336	2684	Unicorn-8272.exe	35
PID 2280 wrote to memory of 276	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	36
PID 2280 wrote to memory of 276	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	36
PID 2280 wrote to memory of 276	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	36
PID 2280 wrote to memory of 276	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	36
PID 2172 wrote to memory of 2648	2172	Unicorn-24137.exe	37
PID 2172 wrote to memory of 2648	2172	Unicorn-24137.exe	37
PID 2172 wrote to memory of 2648	2172	Unicorn-24137.exe	37
PID 2172 wrote to memory of 2648	2172	Unicorn-24137.exe	37
PID 2752 wrote to memory of 1096	2752	Unicorn-19970.exe	38
PID 2752 wrote to memory of 1096	2752	Unicorn-19970.exe	38
PID 2752 wrote to memory of 1096	2752	Unicorn-19970.exe	38
PID 2752 wrote to memory of 1096	2752	Unicorn-19970.exe	38
PID 1336 wrote to memory of 2732	1336	Unicorn-41241.exe	39
PID 1336 wrote to memory of 2732	1336	Unicorn-41241.exe	39
PID 1336 wrote to memory of 2732	1336	Unicorn-41241.exe	39
PID 1336 wrote to memory of 2732	1336	Unicorn-41241.exe	39
PID 2684 wrote to memory of 1488	2684	Unicorn-8272.exe	40
PID 2684 wrote to memory of 1488	2684	Unicorn-8272.exe	40
PID 2684 wrote to memory of 1488	2684	Unicorn-8272.exe	40
PID 2684 wrote to memory of 1488	2684	Unicorn-8272.exe	40
PID 276 wrote to memory of 3068	276	Unicorn-8468.exe	41
PID 276 wrote to memory of 3068	276	Unicorn-8468.exe	41
PID 276 wrote to memory of 3068	276	Unicorn-8468.exe	41
PID 276 wrote to memory of 3068	276	Unicorn-8468.exe	41
PID 2280 wrote to memory of 2888	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	42
PID 2280 wrote to memory of 2888	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	42
PID 2280 wrote to memory of 2888	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	42
PID 2280 wrote to memory of 2888	2280	403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe	42
PID 2696 wrote to memory of 2460	2696	Unicorn-3550.exe	43
PID 2696 wrote to memory of 2460	2696	Unicorn-3550.exe	43
PID 2696 wrote to memory of 2460	2696	Unicorn-3550.exe	43
PID 2696 wrote to memory of 2460	2696	Unicorn-3550.exe	43
PID 2608 wrote to memory of 2308	2608	Unicorn-16523.exe	44
PID 2608 wrote to memory of 2308	2608	Unicorn-16523.exe	44
PID 2608 wrote to memory of 2308	2608	Unicorn-16523.exe	44
PID 2608 wrote to memory of 2308	2608	Unicorn-16523.exe	44
PID 2648 wrote to memory of 2016	2648	Unicorn-48423.exe	45
PID 2648 wrote to memory of 2016	2648	Unicorn-48423.exe	45
PID 2648 wrote to memory of 2016	2648	Unicorn-48423.exe	45
PID 2648 wrote to memory of 2016	2648	Unicorn-48423.exe	45

C:\Users\Admin\AppData\Local\Temp\403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe
"C:\Users\Admin\AppData\Local\Temp\403b484b4e8699a18fa6c6532c85ea86ad21b9339486a5fbeb40bc6d52d591fbN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24137.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        9⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29725.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        9⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
        9⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        9⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
        8⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47505.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47372.exe
        8⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
        7⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
        7⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
        7⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43653.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45699.exe
        7⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        7⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        7⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
        6⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        6⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        6⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        6⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        7⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24519.exe
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
        7⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
        7⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        7⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51546.exe
        6⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        6⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        6⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60286.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20906.exe
        7⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        7⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
        6⤵
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28228.exe
        6⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
        5⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28349.exe
        6⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61740.exe
        5⤵
        
        PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30317.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
        5⤵
        
        PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21491.exe
        8⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3148.exe
        7⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
        6⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
        6⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64981.exe
        6⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
        6⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39569.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        6⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        6⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
        6⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2298.exe
        5⤵
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63291.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        6⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16710.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        5⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
        5⤵
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10599.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        6⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48173.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3807.exe
        6⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59613.exe
        6⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24265.exe
        6⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
        5⤵
        
        PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
        5⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        5⤵
        
        PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        5⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23904.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37242.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        6⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        5⤵
        
        PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
        5⤵
        
        PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
      4⤵
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47505.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        5⤵
        
        PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
      4⤵
      PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
      4⤵
      PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7738.exe
      4⤵
      PID:5532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45792.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 220
        7⤵
        Program crash
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe
        6⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25850.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
        7⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
        6⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19868.exe
        6⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        6⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        6⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        5⤵
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        5⤵
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10483.exe
        5⤵
        
        PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39678.exe
      4⤵
      Executes dropped EXE
      PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41245.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        5⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47505.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        6⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        5⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        5⤵
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        5⤵
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
      4⤵
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49078.exe
      4⤵
      PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59105.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe
      4⤵
      PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
      4⤵
      PID:5944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11002.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
        6⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        7⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
        7⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
        6⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
        6⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57691.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61307.exe
        5⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8380.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        5⤵
        
        PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        5⤵
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
        5⤵
        
        PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23260.exe
      4⤵
      PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64174.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46032.exe
      4⤵
      PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34972.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
      4⤵
      PID:5212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60348.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27998.exe
        5⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21439.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
        6⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        6⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        5⤵
        
        PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
        5⤵
        
        PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
      4⤵
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65517.exe
        5⤵
        
        PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42605.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        5⤵
        
        PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
      4⤵
      PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49495.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
      4⤵
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
      4⤵
      PID:5700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5351.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4339.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
      4⤵
      PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
      4⤵
      PID:4536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47560.exe
    3⤵
    PID:616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17174.exe
    3⤵
    PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20083.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
    3⤵
    PID:5432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20110.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11180.exe
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29729.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26289.exe
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
        8⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10599.exe
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
        7⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        7⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
        7⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        7⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        6⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        6⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        6⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        7⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        7⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1354.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
        6⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
        5⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        6⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
        5⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47747.exe
        6⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
        5⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        5⤵
        
        PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
        6⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        7⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        6⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
        6⤵
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
        6⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        5⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
        5⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12330.exe
        5⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
        5⤵
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        5⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29729.exe
        5⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
        5⤵
        
        PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45617.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
      4⤵
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
      4⤵
      PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33493.exe
      4⤵
      PID:5800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39477.exe
        6⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53116.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        6⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17394.exe
        5⤵
        
        PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38029.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62568.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17906.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        5⤵
        
        PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27998.exe
        5⤵
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25575.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
        6⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        5⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
        5⤵
        
        PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
      4⤵
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50306.exe
        5⤵
        
        PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4868.exe
      4⤵
      PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
      4⤵
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13251.exe
      4⤵
      PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
      4⤵
      PID:1380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26771.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
        5⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        6⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
        6⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11180.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1817.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12128.exe
      4⤵
      PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48801.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
      4⤵
      PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36292.exe
      4⤵
      PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
      4⤵
      PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
      4⤵
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
      4⤵
      PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
      4⤵
      PID:5608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
    3⤵
    PID:264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7461.exe
      4⤵
      PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
    3⤵
    PID:2152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
    3⤵
    PID:3252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
    3⤵
    PID:4836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
    3⤵
    PID:5616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49300.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46991.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        6⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61284.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        7⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9953.exe
        7⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64126.exe
        6⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        6⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        5⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40925.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        5⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18267.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        5⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60746.exe
        6⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        5⤵
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39237.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
      4⤵
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29729.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        5⤵
        
        PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
      4⤵
      PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
      4⤵
      PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55024.exe
      4⤵
      PID:5848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53021.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
        5⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        6⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        6⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
        6⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        5⤵
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
        5⤵
        
        PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49165.exe
      4⤵
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        5⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
        5⤵
        
        PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
      4⤵
      PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
      4⤵
      PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26820.exe
      4⤵
      PID:5736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
      4⤵
      PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
      4⤵
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
      4⤵
      PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9953.exe
      4⤵
      PID:5384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14594.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25080.exe
    3⤵
    PID:3428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32372.exe
    3⤵
    PID:4720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
    3⤵
    PID:4780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4038.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11002.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        5⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27516.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17394.exe
      4⤵
      PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50281.exe
      4⤵
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
      4⤵
      PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe
      4⤵
      PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
      4⤵
      PID:5340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
      4⤵
      PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        5⤵
        
        PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
      4⤵
      PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
      4⤵
      PID:5416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
    3⤵
    PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
    3⤵
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
    3⤵
    PID:856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
    3⤵
    PID:4708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24297.exe
    3⤵
    PID:5868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48668.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48668.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35507.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14152.exe
      4⤵
      PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9953.exe
      4⤵
      PID:5400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
    3⤵
    PID:2568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48417.exe
    3⤵
    PID:3152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
    3⤵
    PID:3480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
    3⤵
    PID:4696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
    3⤵
    PID:5832
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
    3⤵
    PID:1188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7795.exe
    3⤵
    PID:3496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29729.exe
    3⤵
    PID:5096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
    3⤵
    PID:5152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
  2⤵
  PID:2176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
  2⤵
  PID:3120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56403.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56403.exe
  2⤵
  PID:2800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31169.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31169.exe
  2⤵
  PID:4380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
  2⤵
  PID:5708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11841.exe

Filesize
468KB

MD5
f4e566f7777036c159e746b7370e201e

SHA1
3912857a800bc759a088fe4374a0801a0a13972f

SHA256
1ad48b1f65970c252c8fc68b24c9d6d8ad8e8c032a3140d7b5f26272578cd34d

SHA512
535d695032504fa6f8a6a1792db865b6ebab71074801117c3110ffce1398eddf2ed2a43d75366f8b7b39380248e685ebce7d970fbc972cfd370f72f4d4065849

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe

Filesize
468KB

MD5
286217feffb2dbee8f5a5bdf444dad06

SHA1
dcbde775a3781d764801b57e393f7ddd379a430d

SHA256
d145de96566073a326b7d246db9680c8b1521db52d04f5626bdea79b86545ad5

SHA512
9d8687de624e894e03f1f10ffe593438a215a379919b8b6a6ff66c27425a1b43bb3741844abd9367952af3875ca6e973f306edeb4ff988eade6b32963db296f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe

Filesize
468KB

MD5
276eefffd220bba55eeef16ac2148ea6

SHA1
476baa24304248ac7039f9be2e7511e65ab1dffe

SHA256
05bf810d7934ad0e206f8d100eb2ab62d716f31c0c1ec763acb83232b33b3adc

SHA512
04016bb5e8d945b294e2fa8c0db2fd47792d3ad1979eb2d06c6d0e0eb90e89116fc3075c916100192a658cc432d0e530156fa4c7028c1279cab001ec23050a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39678.exe

Filesize
468KB

MD5
2e2e00044fb1f6fa8721df5cbf2b543e

SHA1
f5341f89f628a6d297622395ec2fd65ccd73cb0f

SHA256
d8b30dd378a8b65458929a03814595f127458cfc88b68f11f712c128fc61f4a7

SHA512
4b63021dc0f1a2ffc61ee314910fd469538307b48d3bb638d80dc32364ef06c28215c7d5fe3b72424a99a65fdadffc2041dd11b466c0407827ccb37dc62ff693

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45792.exe

Filesize
468KB

MD5
4e44c4e6feb7df3509fd2619ae2e4f78

SHA1
622a1f8d0be7e189f6394a8e6adbe27ab0f44538

SHA256
e2669f61eae29f435e7ac8eb34ac342146a08cf21882cb4a4603cec4437b8423

SHA512
8d77fdf11e0c1f068b46713ac20dd40e26d6b7dc81d54bef483a993c17ef54abef40275a673adab460f7ff2e0bfc08a27164121cb602a6e37de4799a1fba2508

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe

Filesize
468KB

MD5
ea734947d5e3fe1a14d6ffcea48e3a7f

SHA1
2f74b60c9a8ec4d38b47e0276ba18aa410d68c7f

SHA256
9b634bcb20e1e0deb044f89476c577b1ae79a8c59d2d828d28a533edb39143e9

SHA512
45c799de896fcf0cb130b5468076e91ecdbf2c0fff179d5988d872912442690aadd1115d09220093858cadcc322bc428a09a9e35bd33135aaf3dee1650643446

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe

Filesize
468KB

MD5
54fdb934c59f12c03db797451246cfaf

SHA1
f444bdf6174c12f7b9de6f8162a3035579c1e11f

SHA256
ca21318b6e680811aef77ccba238edaec7dd3c6a0bb10568b05b4e790fb70d2d

SHA512
ebaf2479c3022cb87407fc8151eb04e434ef6cb5cc9d5a8f91573e239cd8e2ee383a97949305ab27a817c86f28c3502db9e508e8ffb9d5f8e4ca81c8319799e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe

Filesize
468KB

MD5
47828dc206a1781125fbba385bb19efc

SHA1
6f473801753c335a5c00b6546c0f83c2a89bd2a3

SHA256
1d12ebd193fbf14d6d6b8eb291ebbdd2ddf3fcb3f32faf4bfd624104b500a793

SHA512
c847041eac133e5acba0acf2265190772925336e5040d045315d8f65e33935782975988713d9d7ad6143516a7fd8f4bc85f9a0a1242843e02c70c9f5fc262bd8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24137.exe

Filesize
468KB

MD5
406e97162de587bc74d36eabc72df88b

SHA1
954bd9853eddbd5fdfd64c3f03d623e3cf100494

SHA256
f734c396912cf3b455e23e48695215f21e2bd6373b434d81e915c3bd3322ed61

SHA512
cba418119212aa315bf2d2fded896235a8bf957bd0622e22766ff6c5783964d7b5510d494fad1a5fbeefeef405191d074bb554c992e837065978ec7fd571e4a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe

Filesize
468KB

MD5
8379c4d70b41946d7c08c449186e208a

SHA1
dd917abdd13a7dc7eff3b8c43d56a11e350e2a4d

SHA256
0c140af42b0fe4739592c93145656e54d90009bef40a28185bddc15aa3036283

SHA512
651b2049ecb25e62aee3e1a2f5ba8d86f15489fe27bf28f37f4ed90d87b4fbee79bd412df51ee3da769dc09d9b06ca08a1d94d7ac74eb2560c839a01892f2c31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe

Filesize
468KB

MD5
ddb623cf4e3bad4ca651dd4c5a3b8cc0

SHA1
61daea147dd2fb2337d7d38075e9222655fc18ca

SHA256
24df53348034a03ed3896e5a9cbd4544911a9db4a1bf91677650860bb4d51915

SHA512
333f9d27c9e935fc1edd106256910bc6746365656d9ac1e938dc6d25836023404e1a661ff5676353becab1beea48dc2ab1657605bfef85030d6029923cd5a883

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe

Filesize
468KB

MD5
72fafd5290c8d7fbd1a23e0bc482ef16

SHA1
f41d64ca4e4a4fe2ee27d2558e45f516ba4be062

SHA256
1fb093fe299a38fcd53051d97dd0b4cf1b9668b289f2480858e94c063f58142a

SHA512
e6635e86a77f94de45c4943b601d7c1552e4ab2fe3d2e265436c067d4da485551134cbb7367f9a8f65424c35a655aef9570c7c02ec02fbefce265712c815c9ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe

Filesize
468KB

MD5
d9d09474b47265d8a554e4366d0c29fb

SHA1
b8b39e35ab700aba62ce493c571bf3f239330403

SHA256
7668e46b254bc3a2975407e5c673a2d4e05c7cf5f63efe408cce6cb72fa9b893

SHA512
333f1004d6ff3bdee107cd4418e0fa608fccdc535f885344d07d40bd5c44c21a8eadd977669b47d77a968633abf485e2920abc90afb05898a40be47b8d8bd88d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe

Filesize
468KB

MD5
d2760e700b9fa2034ddb8e8f47a0184d

SHA1
b0d7025e15ae6eeb3c7b08a90b4e9564a2c3eb96

SHA256
22d7208b3177ae543541ed1fc73f7cd47d88128b764c7131c8cbeb862760484d

SHA512
54d25eb8adf17bed586ad730b9d89d28a73f27ace12a0759605e49157a29cf2d727343fd6a2cba6fbf1415493bd4b7b9a63828031d0962c863785319c9ab672d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49300.exe

Filesize
468KB

MD5
66338efad4bf5abfbb9ed5f4fc3d8251

SHA1
f9e6ca1cbc7bf5ed9b4029a35268310d190b8800

SHA256
6c9374daad35651e73042d8e13cf7a7a3a030311ccb02062752700b75c72c155

SHA512
bfc8cdc8b54bc874a7a1364e5598180a77f70786ad8dbfb9cb89bc3d37229079c4a7fe4b7379463b54b16a12b30e1bc252e2271d7f92093db55236cbca67366a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe

Filesize
468KB

MD5
8f38d0e4c0c8269c2ee89cac173c5eb8

SHA1
b344317c46540c7bd9ba344154f520b9ec6929bc

SHA256
37f041df76e0acf5164442e84371eb2bbe6841cfc3eeb277baee464b18cb2ae8

SHA512
41943f11e8f071778dc258beca48a194e57b7f80279b2e88ebd32023b2b96db9228952a63ca8f8f210df02421d0a6035f447c9757bf125e00a3049bfc3ba68ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe

Filesize
468KB

MD5
78d32a8dafab925f966318f7aa07176d

SHA1
bc4cd144e61712b4c87f12749e148a0e4d744986

SHA256
cea3020a0ad3d6662a372a6b979a26a3503ce8689238d3a268214b53437dcd7a

SHA512
24e2f2a69df3d76777c41ee714e72d9d03e33db3ab28743fe86f0512e7bd021c1de889a483c7272e9f34e7cbcae11aa874fc823b99fefc1a93aa9cc96938a038

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe

Filesize
468KB

MD5
9bb7a37ec5aed8a0c4eeb67cbae5eff5

SHA1
1bf93c9aa953c81231ef77aa24974f99b886c84f

SHA256
4cf259f0d0fa4d7980f3fb760e75bd598046c0268537cba5ab4ae822512d820d

SHA512
f9978ca1335697b9a6a8bc6c89e6a8142f33db86297ef700ca2008d25847f3a588a5a81184a82d30fa41e320ad192094d794fe170a1ffb3699dcb04d938ed00a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe

Filesize
468KB

MD5
2da752e58924a2041e47eca3830b54ac

SHA1
23378aa4192bb4724345029af206b84594e1a8e0

SHA256
7e421a46d20dc8f6f886da5e17d17c49d8a37f53f1c95dbf713b168fd24f3197

SHA512
4e0324c99b9cc6e93eee5ea21294753e746e82ac86d59c84a0646414510f7d0b86acef97b0a91e54dff411c69fc8283da4d69629c55e7af4c0e0be2f91dff080

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe

Filesize
468KB

MD5
c5a44bee1344862c640777d210afe220

SHA1
c8857dbcdedb1437d9d70fed65e4b62a7444005e

SHA256
d811fc9190c77c7c69abbf220b0082671401062d5ffab019b83546c5e19d9910

SHA512
4da7f683bcbe31964e1cd08076d99e7bbd0fb3e5379e9d507247ec954c98611ac98ffab9ede09b72152639f24ee12357387fa9cc45dfc34400e75952789d8755

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe

Filesize
468KB

MD5
3074a6d5fa385b6b1647b9c01047a86d

SHA1
5beb050edd713403835811ec698fee81b5c03d1a

SHA256
d18b06531e4c02ee20dea6f499dd2ecd71d140e3f59e3078320387270623c76c

SHA512
49433b915880a61ae6cfd47d57f7cb6cc15512d388b46f01310706876266371b83cc92968f246f73abfd342d33b71dd555ccf6a6d019acf00fc7f2fbfb874c94

Download Submit