124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe
Size

468KB
MD5

ce2e4d57da2dbc0b905233ed213df1c9
SHA1

28162d057fa7d7ae545effc341f1726d6f18704f
SHA256

124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd
SHA512

f5abe2c7ed509be97418c518d095686fd27c80b6d499659b17db064bb3a5970147984bda3a53d64aa67bda7b57bd470c702ba1f81719a9cb41d26582a34f6d26
SSDEEP

3072:5nCLotIKIP5UMbYGHz4O0fJlzCmsP0EwnLHewVgj7PPLGA/gKrlv0:5nuowxUMRHcO0fQNxh7Pzr/gKm

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2288	Unicorn-41189.exe
2884	Unicorn-10545.exe
2668	Unicorn-60301.exe
2820	Unicorn-26965.exe
2848	Unicorn-22881.exe
2892	Unicorn-59729.exe
2988	Unicorn-41909.exe
2640	Unicorn-4188.exe
2828	Unicorn-8007.exe
1568	Unicorn-59419.exe
1692	Unicorn-8827.exe
1940	Unicorn-55335.exe
1720	Unicorn-45584.exe
2328	Unicorn-59319.exe
372	Unicorn-65449.exe
2460	Unicorn-30878.exe
2388	Unicorn-23072.exe
292	Unicorn-10841.exe
2248	Unicorn-49736.exe
696	Unicorn-42122.exe
2392	Unicorn-34583.exe
1876	Unicorn-4619.exe
2636	Unicorn-25040.exe
1280	Unicorn-47333.exe
836	Unicorn-48153.exe
1592	Unicorn-29124.exe
736	Unicorn-435.exe
2256	Unicorn-49544.exe
2088	Unicorn-47498.exe
2492	Unicorn-31070.exe
2348	Unicorn-54183.exe
2284	Unicorn-4318.exe
2264	Unicorn-58158.exe
2944	Unicorn-8978.exe
2948	Unicorn-53995.exe
2684	Unicorn-23177.exe
2764	Unicorn-19647.exe
2732	Unicorn-29207.exe
2612	Unicorn-3232.exe
276	Unicorn-52341.exe
2760	Unicorn-37951.exe
2580	Unicorn-18085.exe
2652	Unicorn-45357.exe
2208	Unicorn-23561.exe
2968	Unicorn-20031.exe
348	Unicorn-17339.exe
2596	Unicorn-29326.exe
2792	Unicorn-41843.exe
1952	Unicorn-42397.exe
1708	Unicorn-62263.exe
1420	Unicorn-9746.exe
1192	Unicorn-28120.exe
2268	Unicorn-38335.exe
812	Unicorn-18469.exe
2456	Unicorn-34805.exe
2124	Unicorn-54671.exe
1172	Unicorn-27928.exe
2904	Unicorn-31151.exe
1672	Unicorn-3332.exe
1108	Unicorn-26445.exe
2212	Unicorn-46311.exe
592	Unicorn-44676.exe
1548	Unicorn-40857.exe
3020	Unicorn-22937.exe

Loads dropped DLL 64 IoCs

pid	Process
2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe
2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe
2288	Unicorn-41189.exe
2288	Unicorn-41189.exe
2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe
2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe
2668	Unicorn-60301.exe
2668	Unicorn-60301.exe
2884	Unicorn-10545.exe
2884	Unicorn-10545.exe
2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe
2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe
2288	Unicorn-41189.exe
2288	Unicorn-41189.exe
2892	Unicorn-59729.exe
2892	Unicorn-59729.exe
2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe
2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe
2848	Unicorn-22881.exe
2884	Unicorn-10545.exe
2848	Unicorn-22881.exe
2884	Unicorn-10545.exe
2988	Unicorn-41909.exe
2988	Unicorn-41909.exe
2668	Unicorn-60301.exe
2820	Unicorn-26965.exe
2288	Unicorn-41189.exe
2668	Unicorn-60301.exe
2288	Unicorn-41189.exe
2820	Unicorn-26965.exe
2640	Unicorn-4188.exe
2640	Unicorn-4188.exe
2892	Unicorn-59729.exe
2892	Unicorn-59729.exe
372	Unicorn-65449.exe
2828	Unicorn-8007.exe
2828	Unicorn-8007.exe
372	Unicorn-65449.exe
2820	Unicorn-26965.exe
2820	Unicorn-26965.exe
2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe
2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe
2328	Unicorn-59319.exe
2328	Unicorn-59319.exe
2288	Unicorn-41189.exe
1568	Unicorn-59419.exe
1568	Unicorn-59419.exe
2288	Unicorn-41189.exe
2848	Unicorn-22881.exe
2848	Unicorn-22881.exe
1720	Unicorn-45584.exe
1720	Unicorn-45584.exe
2668	Unicorn-60301.exe
2668	Unicorn-60301.exe
1692	Unicorn-8827.exe
1692	Unicorn-8827.exe
2884	Unicorn-10545.exe
2884	Unicorn-10545.exe
1940	Unicorn-55335.exe
1940	Unicorn-55335.exe
2988	Unicorn-41909.exe
2988	Unicorn-41909.exe
2460	Unicorn-30878.exe
2460	Unicorn-30878.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4324	1592	WerFault.exe	55

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4430.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe
2288	Unicorn-41189.exe
2884	Unicorn-10545.exe
2668	Unicorn-60301.exe
2892	Unicorn-59729.exe
2820	Unicorn-26965.exe
2848	Unicorn-22881.exe
2988	Unicorn-41909.exe
2640	Unicorn-4188.exe
2828	Unicorn-8007.exe
1568	Unicorn-59419.exe
1692	Unicorn-8827.exe
1940	Unicorn-55335.exe
1720	Unicorn-45584.exe
372	Unicorn-65449.exe
2328	Unicorn-59319.exe
2460	Unicorn-30878.exe
2388	Unicorn-23072.exe
2248	Unicorn-49736.exe
292	Unicorn-10841.exe
696	Unicorn-42122.exe
2392	Unicorn-34583.exe
2636	Unicorn-25040.exe
1876	Unicorn-4619.exe
1280	Unicorn-47333.exe
836	Unicorn-48153.exe
1592	Unicorn-29124.exe
736	Unicorn-435.exe
2256	Unicorn-49544.exe
2492	Unicorn-31070.exe
2088	Unicorn-47498.exe
2348	Unicorn-54183.exe
2284	Unicorn-4318.exe
2264	Unicorn-58158.exe
2944	Unicorn-8978.exe
2948	Unicorn-53995.exe
2684	Unicorn-23177.exe
2764	Unicorn-19647.exe
2732	Unicorn-29207.exe
2612	Unicorn-3232.exe
276	Unicorn-52341.exe
2760	Unicorn-37951.exe
2580	Unicorn-18085.exe
2968	Unicorn-20031.exe
2208	Unicorn-23561.exe
2652	Unicorn-45357.exe
348	Unicorn-17339.exe
2596	Unicorn-29326.exe
2792	Unicorn-41843.exe
1708	Unicorn-62263.exe
1420	Unicorn-9746.exe
1952	Unicorn-42397.exe
1192	Unicorn-28120.exe
812	Unicorn-18469.exe
2268	Unicorn-38335.exe
2124	Unicorn-54671.exe
2456	Unicorn-34805.exe
1108	Unicorn-26445.exe
2904	Unicorn-31151.exe
1172	Unicorn-27928.exe
1672	Unicorn-3332.exe
2212	Unicorn-46311.exe
592	Unicorn-44676.exe
1548	Unicorn-40857.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2288	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	30
PID 2516 wrote to memory of 2288	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	30
PID 2516 wrote to memory of 2288	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	30
PID 2516 wrote to memory of 2288	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	30
PID 2288 wrote to memory of 2884	2288	Unicorn-41189.exe	31
PID 2288 wrote to memory of 2884	2288	Unicorn-41189.exe	31
PID 2288 wrote to memory of 2884	2288	Unicorn-41189.exe	31
PID 2288 wrote to memory of 2884	2288	Unicorn-41189.exe	31
PID 2516 wrote to memory of 2668	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	32
PID 2516 wrote to memory of 2668	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	32
PID 2516 wrote to memory of 2668	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	32
PID 2516 wrote to memory of 2668	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	32
PID 2668 wrote to memory of 2820	2668	Unicorn-60301.exe	33
PID 2668 wrote to memory of 2820	2668	Unicorn-60301.exe	33
PID 2668 wrote to memory of 2820	2668	Unicorn-60301.exe	33
PID 2668 wrote to memory of 2820	2668	Unicorn-60301.exe	33
PID 2884 wrote to memory of 2848	2884	Unicorn-10545.exe	34
PID 2884 wrote to memory of 2848	2884	Unicorn-10545.exe	34
PID 2884 wrote to memory of 2848	2884	Unicorn-10545.exe	34
PID 2884 wrote to memory of 2848	2884	Unicorn-10545.exe	34
PID 2516 wrote to memory of 2892	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	35
PID 2516 wrote to memory of 2892	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	35
PID 2516 wrote to memory of 2892	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	35
PID 2516 wrote to memory of 2892	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	35
PID 2288 wrote to memory of 2988	2288	Unicorn-41189.exe	36
PID 2288 wrote to memory of 2988	2288	Unicorn-41189.exe	36
PID 2288 wrote to memory of 2988	2288	Unicorn-41189.exe	36
PID 2288 wrote to memory of 2988	2288	Unicorn-41189.exe	36
PID 2892 wrote to memory of 2640	2892	Unicorn-59729.exe	37
PID 2892 wrote to memory of 2640	2892	Unicorn-59729.exe	37
PID 2892 wrote to memory of 2640	2892	Unicorn-59729.exe	37
PID 2892 wrote to memory of 2640	2892	Unicorn-59729.exe	37
PID 2516 wrote to memory of 2828	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	38
PID 2516 wrote to memory of 2828	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	38
PID 2516 wrote to memory of 2828	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	38
PID 2516 wrote to memory of 2828	2516	124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe	38
PID 2848 wrote to memory of 1568	2848	Unicorn-22881.exe	39
PID 2848 wrote to memory of 1568	2848	Unicorn-22881.exe	39
PID 2848 wrote to memory of 1568	2848	Unicorn-22881.exe	39
PID 2848 wrote to memory of 1568	2848	Unicorn-22881.exe	39
PID 2884 wrote to memory of 1692	2884	Unicorn-10545.exe	40
PID 2884 wrote to memory of 1692	2884	Unicorn-10545.exe	40
PID 2884 wrote to memory of 1692	2884	Unicorn-10545.exe	40
PID 2884 wrote to memory of 1692	2884	Unicorn-10545.exe	40
PID 2988 wrote to memory of 1940	2988	Unicorn-41909.exe	41
PID 2988 wrote to memory of 1940	2988	Unicorn-41909.exe	41
PID 2988 wrote to memory of 1940	2988	Unicorn-41909.exe	41
PID 2988 wrote to memory of 1940	2988	Unicorn-41909.exe	41
PID 2668 wrote to memory of 1720	2668	Unicorn-60301.exe	42
PID 2668 wrote to memory of 1720	2668	Unicorn-60301.exe	42
PID 2668 wrote to memory of 1720	2668	Unicorn-60301.exe	42
PID 2668 wrote to memory of 1720	2668	Unicorn-60301.exe	42
PID 2288 wrote to memory of 2328	2288	Unicorn-41189.exe	44
PID 2288 wrote to memory of 2328	2288	Unicorn-41189.exe	44
PID 2288 wrote to memory of 2328	2288	Unicorn-41189.exe	44
PID 2288 wrote to memory of 2328	2288	Unicorn-41189.exe	44
PID 2820 wrote to memory of 372	2820	Unicorn-26965.exe	43
PID 2820 wrote to memory of 372	2820	Unicorn-26965.exe	43
PID 2820 wrote to memory of 372	2820	Unicorn-26965.exe	43
PID 2820 wrote to memory of 372	2820	Unicorn-26965.exe	43
PID 2640 wrote to memory of 2460	2640	Unicorn-4188.exe	45
PID 2640 wrote to memory of 2460	2640	Unicorn-4188.exe	45
PID 2640 wrote to memory of 2460	2640	Unicorn-4188.exe	45
PID 2640 wrote to memory of 2460	2640	Unicorn-4188.exe	45

C:\Users\Admin\AppData\Local\Temp\124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe
"C:\Users\Admin\AppData\Local\Temp\124db98fd57fe15327082083c8f8be8bf2eb21a074610c3234c0420dec97d2dd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41189.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41189.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9746.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45024.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        8⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        8⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2132.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34344.exe
        7⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        7⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31698.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
        7⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
        6⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44932.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34344.exe
        6⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        6⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
        6⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe
        6⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27928.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
        6⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        6⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe
        5⤵
        
        PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41263.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        5⤵
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49544.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22980.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61521.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        7⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48615.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44063.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        6⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42397.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3052.exe
        6⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        5⤵
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
        5⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-571.exe
        5⤵
        
        PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46311.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        6⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59689.exe
        5⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
        5⤵
        
        PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61547.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11693.exe
      4⤵
      PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
      4⤵
      PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
      4⤵
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31541.exe
      4⤵
      PID:6028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        7⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        7⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
        6⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59907.exe
        6⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
        6⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
        6⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        6⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
        7⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        7⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59689.exe
        6⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55121.exe
        5⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41455.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55039.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30763.exe
        5⤵
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        6⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8101.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        7⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29627.exe
        6⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52376.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        5⤵
        
        PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        5⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17748.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe
        5⤵
        
        PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
      4⤵
      PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47996.exe
      4⤵
      PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
      4⤵
      PID:5092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59319.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4619.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53000.exe
        6⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26270.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
        7⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
        7⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41982.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        6⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12561.exe
        6⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-270.exe
        5⤵
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        5⤵
        
        PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        5⤵
        
        PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        5⤵
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        5⤵
        
        PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39501.exe
        5⤵
        
        PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
      4⤵
      PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
      4⤵
      PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
      4⤵
      PID:5128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        5⤵
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        5⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        5⤵
        
        PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
      4⤵
      PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
      4⤵
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10446.exe
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
      4⤵
      PID:5496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45357.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45357.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
      4⤵
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        5⤵
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
      4⤵
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
      4⤵
      PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
      4⤵
      PID:5656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19065.exe
    3⤵
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
      4⤵
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
      4⤵
      PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
    3⤵
    PID:3588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26048.exe
    3⤵
    PID:3868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
    3⤵
    PID:4152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60301.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60301.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65449.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52341.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        7⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
        7⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
        6⤵
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        6⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        6⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        6⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        7⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        7⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        7⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        6⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        6⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
        6⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
        5⤵
        
        PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
        6⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51096.exe
        7⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
        7⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        6⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe
        6⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
        5⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6835.exe
        6⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        5⤵
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61832.exe
        5⤵
        
        PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
        5⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exe
        6⤵
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        5⤵
        
        PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe
      4⤵
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        5⤵
        
        PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        5⤵
        
        PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
      4⤵
      PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
      4⤵
      PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20576.exe
      4⤵
      PID:5096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64505.exe
        6⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        6⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27810.exe
        5⤵
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44063.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
        5⤵
        Program crash
        
        PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18953.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
        5⤵
        
        PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
      4⤵
      PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
      4⤵
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23126.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
      4⤵
      PID:5520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        5⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46057.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        6⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23032.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8010.exe
        5⤵
        
        PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
      4⤵
      PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35683.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
      4⤵
      PID:4836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28771.exe
      4⤵
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe
        5⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
      4⤵
      PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
      4⤵
      PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
      4⤵
      PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
      4⤵
      PID:5396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
    3⤵
    PID:1824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
    3⤵
    PID:3624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
    3⤵
    PID:3844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15903.exe
    3⤵
    PID:4172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20576.exe
    3⤵
    PID:5108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4318.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        7⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        7⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        6⤵
        
        PID:712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37349.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1788.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
        5⤵
        Executes dropped EXE
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
        6⤵
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        6⤵
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52664.exe
        6⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        6⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9750.exe
        5⤵
        
        PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44932.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31.exe
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58158.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12076.exe
        5⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
        6⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59689.exe
        5⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
        5⤵
        
        PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
      4⤵
      PID:352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        5⤵
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        5⤵
        
        PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
      4⤵
      PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18383.exe
      4⤵
      PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56637.exe
      4⤵
      PID:932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23072.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53986.exe
        5⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        6⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe
        7⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        5⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        6⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        6⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        6⤵
        
        PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37349.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
        5⤵
        
        PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe
      4⤵
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        5⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
        5⤵
        
        PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22085.exe
      4⤵
      PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
      4⤵
      PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
      4⤵
      PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
      4⤵
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
        5⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        5⤵
        
        PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
      4⤵
      PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
      4⤵
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
      4⤵
      PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
      4⤵
      PID:5356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
    3⤵
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
      4⤵
      PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
      4⤵
      PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe
      4⤵
      PID:5536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
    3⤵
    PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25213.exe
    3⤵
    PID:4052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
    3⤵
    PID:4492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
    3⤵
    PID:5624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23177.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9445.exe
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        6⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16132.exe
        7⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        6⤵
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        6⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
        5⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe
        6⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52376.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6037.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
      4⤵
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        5⤵
        
        PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
      4⤵
      PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
      4⤵
      PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
      4⤵
      PID:4608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19647.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41542.exe
      4⤵
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
        5⤵
        
        PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        5⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        5⤵
        
        PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
      4⤵
      PID:484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44063.exe
      4⤵
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
      4⤵
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
      4⤵
      PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
    3⤵
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
      4⤵
      PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
    3⤵
    PID:1200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
    3⤵
    PID:4100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
    3⤵
    PID:2888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54671.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
      4⤵
      PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10934.exe
      4⤵
      PID:6000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59689.exe
    3⤵
    PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
    3⤵
    PID:3664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
    3⤵
    PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
    3⤵
    PID:1860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
    3⤵
    PID:3884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60639.exe
    3⤵
    PID:3956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19366.exe
    3⤵
    PID:4984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
    3⤵
    PID:5504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
  2⤵
  PID:892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
  2⤵
  PID:3400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15638.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15638.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
  2⤵
  PID:4852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe

Filesize
468KB

MD5
42f1d59e9d6c7c05a22d09e1cdfa84ea

SHA1
e024369bfafe05464f7f765238cdf3fc57fe9aa0

SHA256
db13353fb673f8bcac3da64ecaa15c5d2a90112bdfa9d07c7afd2b6c5ac28205

SHA512
1ce86c9dc93cee96c0ae5c5fbbab8b143e35aadb6d35d84a062131190aab696447c171233d977ca4057826e6d42d2e148fb90e851d5b517728e507bf685f2fdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27810.exe

Filesize
468KB

MD5
865a6a609d328827013b00748edff47c

SHA1
7955101fe1c0ec14f6de05529291ae58e7dcab1b

SHA256
c453ab5af410e9e7bd908d0747b752c31e12f349760044acfcee5e5f9bb53fe5

SHA512
be96c8b58d138aa69ae98f5e0051bbbef3cec1e36baca85590fed9a1627541bff39ea5d8ada46da6c87fca0b615f3aa2b9f3680e8602b29a7ca50cc9e808a2e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe

Filesize
468KB

MD5
a866b0c152ce59c21df0816916bdf5dd

SHA1
03b09f4e0f7c9a355061d2983585222a60746a5e

SHA256
be98de410961b9881903ff44c7dc3c51c8ae93d1e53eb3555c4e97c786192f6d

SHA512
73fff43c6abf9e8a626b500db3f7899be46cce49129ca750e3ba6f1df8d3d20edf494966e8d76f2a56057ead8bbd8120eec4142e62097e8f5f7dae6a40460921

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51096.exe

Filesize
468KB

MD5
944b89b8c52a1f724691fd06e8d47c0a

SHA1
2ec0420d0837ddb6101157b5aeab0160eeb5d617

SHA256
eaeb993228c96a00b057eefa72454b6360f5c2840017465e746e2df6006b5e1a

SHA512
b54203b07de6e582ec0e185ee8c4b6428932f97918871f2e19a0f1ad2878c4a1c20cd82cd2438684134b6f86f314cad358075819fa77265752f3f5e3983de3cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe

Filesize
468KB

MD5
d8eef46713d3a8184937913745adca3d

SHA1
2fd5195e592680d9fb064d7e74a421e20d016ef7

SHA256
435d9f89e4bb96bdcf6b1b39bd1adf454428ac0f364116eb92af4faee060fa11

SHA512
3e59c10cf02c060948bc09f2e70e47798d8a1a654e7cb5bcaba7720d5e131968249a60371c2df840ffcdf258f5bd19a4593502d67d3eac4f483721579130133a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe

Filesize
468KB

MD5
6b5c01f64e0a86308d5ae4105e140c91

SHA1
94fd8707d23966f66b4f734f9ab12c81eb0160ea

SHA256
2ebdd213247483c3553858ccf20bcb05efaf88c22a495213f159310b6ddc5f38

SHA512
77317d51e117d220062950b5c23986bdfb4d23c498ac9cad525f4018019e4c21ab4d1e8d955b338e9870b3c3c3773cb387c100eb1a46f539466242c385f3c0a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe

Filesize
468KB

MD5
ecd22a23a745ec865d2ddc9668e3fe71

SHA1
a7ee5ee3e44590f0ad6f4dc66b3840a8f27f8a84

SHA256
3aa313ba25c8aa730e9cdaa33f5ae311dcbf4485ff5c519c1b82b46a5ce38797

SHA512
b719d310756100f6a476bb978478214da836441ef8f1dae837ac04d3dd6872596b44a9b0d717bae454f13cb3d3762375803118a1784e39c9460335f3271f73de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe

Filesize
468KB

MD5
1d669e622b9dc2bfe482b530b0e2d1b3

SHA1
cc61f811cda03bb667ee46e06d481f23f48df433

SHA256
2062dd2df4f41437fc9f6c6019f23d718e5f54ab970e261365fd912595aec573

SHA512
624a7c6a5edcc7b4cb24e4ed6f17c494945d0ee5f7e3472f68c2de6c845a95f574ca39d368478d7bb82b43466f8ad4c2a162caf632e83a47d92560c7668e7880

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe

Filesize
468KB

MD5
6c9d0bac53722510b2ebce50976ebadd

SHA1
4c01f8b9183cc301aadde1773191cb1d361233c2

SHA256
6cd718608d1722579ceb5d4baa17c91519a3ee39c1a0c6326940a9ebbf5713a0

SHA512
ff5bd62c5ea7f9b876563be6df48bc29fdc9f54ba62a0a91c4b010befc3e3d3599546cc95a45b0e759f03a5d1076ba26f86076b44c2087791cae9ccfff47ad25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23072.exe

Filesize
468KB

MD5
75ce2c4ba9bf21e9e0b658db243cfd16

SHA1
652463b38958d33e2bb630cfe9bc3e18bae66ddc

SHA256
3ab50603697e0f6789356267de3e06e0986557f07fea9d4a547bd06e0ff9a91b

SHA512
4960a71f6e65136cb3fc65f73b7c2a0e68f3e8f1adc6d3e6c48b220c0b8faeeb6b83f6f07cbe833f01771707c7cca095bd82bc620a8fa9bf4fabda95b296c7d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe

Filesize
468KB

MD5
7142f4ce8f8020cfd25019ea5eab8982

SHA1
90948c6fc70a1f4838ac26ad8a60c716959c3fbc

SHA256
6f78395b441be11f5b7a66fdc1274b4180c30e0a0207f15b3f57f74e77153497

SHA512
b5b7514bc32052979feec0975a2072336c3dad00476355d0928e5fc9b01aa057da631bbd1c0266018bc430b5348702778bad2bc8e4f8b21357b8b199600ed9dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe

Filesize
468KB

MD5
c1793134e796102c2978e4b83296d12a

SHA1
ec5da935f4ec31cbbde0209ad330ad0f5bbf919f

SHA256
c88343c4edcf1cd4ae863446b58753d089ecf5acdfcb47a0a38ed4f7067eedcc

SHA512
84372d5c56588885c64fbbf30ccac3baaa60d624058faff5ac271e52e4bff239396051a16467da9a5df1ac7e702f1f9d9dd54cdcbc60f314d9512dda998e8e3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41189.exe

Filesize
468KB

MD5
b9d3d534ca33b2f8df263fb8219f8be9

SHA1
52ebe7029db2b4799f8d1d78c001240ed70856cb

SHA256
0ba031bc10c725d695f7684e1a11b5071fb4e9068ca04ea4b1aeb5d6a45c9a18

SHA512
835c30e165d904d885b748001afa58b10138c9457161381f7818767ca2cc622ca25bcfb90fea0ef30337cee5e18000b7a6c9bbcf1acc7012b4e4df388fe37795

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe

Filesize
468KB

MD5
1f620de69c6e842a845472dcdb6dbf1d

SHA1
8838ecfdcd4c2bb634ba0b17f2041ee90dadb9f1

SHA256
6c84953696444d4d11356564452a98edb4d7dd633114ace5237fac309f669c7c

SHA512
95e0841779babdf78933b32fdd85e921c16a4a97bc0b58f677e584ca4abd5a4a30bfcf4a4a1185f1f661d42e4dc6341fe3036e0471e67f35ad58b03fabde7da7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe

Filesize
468KB

MD5
46fd9617dcbd9bbe9141375e93373809

SHA1
4e4857704e71fd415b1e5f7ec6465497fbd1461c

SHA256
612d260499107a0351f6d110bc39e0de639769d3d7a52af79e9c2ae57401404c

SHA512
0f980a183d4218004ffc084db75abd4cbd1bf61c27e7aaead4ddd848c03a88e28e23983e67d388471c19b94f90d04536c9d8d720db77bc731b264b9b4305b91d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe

Filesize
468KB

MD5
5348abac7e497988c77bf78da49173b9

SHA1
44598152af540900567601ce61a241c18fcf278c

SHA256
5f3d79808e2d4de0699a109d96d550d1de2d7e7924469e836566d65bc8e0484b

SHA512
aa05bdb713f09699dbc123b191e0a7162bad7838cc31116bdb280c7942fedc1afbbb9af419d786b30d5fc4c873932e8f9763671f36556bf7416a332e64cbd485

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe

Filesize
468KB

MD5
c0d8c2d2f19e24a63bf4efbb49019607

SHA1
41871e463d9ac2bd2ebdfc3a3671830818b68685

SHA256
c70ca20e0ede4ce634099a8a6591c75c5c5745b81013dde5889fb8654809e731

SHA512
6fc134bd3cc5c3af9b5485008a44ed6c85fc4ec2bf7e1e3a4da76a560d7d7aa99e448598d293124da6d2b4206350fa90bd22f8455265cf2ecc67ec3f915c1b91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59319.exe

Filesize
468KB

MD5
b872c50dd4adbb8ff519561a73051466

SHA1
98722563344363c49c4821478879a992da4c6eb6

SHA256
51c3b13fa658a8a07ee868e9519de46f4791ef9de3a3bf3c6298b99fde8643c4

SHA512
1e3e9eec6f823361c495d0a5fc7fd956a94a10b0816d56c5f062219b04d5b724455d3e0d0a473b2dfbfca29f6190a29e027298e13ae5c9d5f10aa3200db242b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe

Filesize
468KB

MD5
93ec2309f454ac86d5dde8bf8e6ea5c3

SHA1
1d08a748ebcae1479f13c7ddce83ffbd16856185

SHA256
5a4fd726a92fa47d950f5cb6f61084e16fa207468346254c3e8814bbae1afcb3

SHA512
5d4c332f6d1818b57ffda0bda0d014e0432b914d1446a09e7f04031406d5abb4be43914b023e2e7f5c89eebe2341f3e4960e133b9b2aa6710dfabd57c554959c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60301.exe

Filesize
468KB

MD5
f0e635acfde2ccb0cd51c566223a3cee

SHA1
24304c7bed84545c950ebbd9832ee05af4f741cb

SHA256
d4699143004d8a4a85d49e27d32aaab69c29f485a804fcdee8e24dd4e012b71c

SHA512
116697598baebcfe8123dfccc24b7673a1b4d9d7315cac50b245326cb7e6458fc6bcab0a1d470405f5012f5ee97fc83c73186601b186172e0dc7ec8e807e5e5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65449.exe

Filesize
468KB

MD5
39e61683c6c022b7f5b8e77f236c6f86

SHA1
5e0e3410bd3a8c4118b856302eebf94b89c1599c

SHA256
18f6318dedc6b0a7a026b7c7c8b4f4f4a39cced889e014abf7045f7ae86ea347

SHA512
8a32a0aff4206bedbe262b21762549f3b35531ebfc913d5bdda8ed9ba5db27f0da0de36ce159fa641d80e8b9e9a88b81284fc859a5fd3167db47552d3422ea43

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe

Filesize
468KB

MD5
7e9ccf75367ef40929c5e6022ce05c59

SHA1
accf0c90f3959d524775b45e0b366fc24e2fb295

SHA256
bf0f231110800a1a159c37e367f2e93784003fabcd34646fc00a548747c56d49

SHA512
c8f100818366f45948b7e9ad23e2209e0aff8303a98ea834d706ccb5b21a48828e9f8055eda935c35efdf6ffaa215e77f1c304b0cad01c0650d13a7c7035775d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe

Filesize
468KB

MD5
355404ef8b9b3d7babeb6a7047dadeb2

SHA1
235002421838c90ab89246bb160e75dad62b6417

SHA256
cc51781ac8f83dd2730af933ea5363222dc2c2c5975a222e178ef032a067fbd5

SHA512
51eababc41a047ea51c8582d2a3b04fd048435c676d17adc078cd2e163a5b0367bf7fbcac2598c79a8299d5dc4f2f92cd5ec83a050938dc7f4bc83cb0003ac00

Download Submit