77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe
Size

468KB
MD5

bc6ad5d0c40d668781fe6927b0b23436
SHA1

d1a339af9424352e22d44fb878087dea1aaeb7fd
SHA256

77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746
SHA512

b4ec4c3137214e8cf302f3303830e52eb9e3dd1db27e4ea373ccc5c60522a3957b3389fa37d1e86f43da177142f82cfc5e26122f6fe2a1e8e4ce11fdeb07afb5
SSDEEP

3072:07QSogSEIc5YHbYxofjcff8wAaJBHpnWUEHC1dSuxfgIeglZF8f7:07Zo70YHCorcffnB1hxfpjlZF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2604	Unicorn-38221.exe
2760	Unicorn-64621.exe
2140	Unicorn-16402.exe
2884	Unicorn-58443.exe
2812	Unicorn-32957.exe
3052	Unicorn-27398.exe
2796	Unicorn-8147.exe
2688	Unicorn-33217.exe
2496	Unicorn-9283.exe
2192	Unicorn-52407.exe
3016	Unicorn-64815.exe
2744	Unicorn-37670.exe
1188	Unicorn-37670.exe
1096	Unicorn-905.exe
2576	Unicorn-14640.exe
836	Unicorn-39540.exe
2416	Unicorn-48025.exe
1908	Unicorn-43644.exe
880	Unicorn-52986.exe
1796	Unicorn-25872.exe
3032	Unicorn-43294.exe
1064	Unicorn-24074.exe
992	Unicorn-34270.exe
1828	Unicorn-54136.exe
1736	Unicorn-19583.exe
1184	Unicorn-25714.exe
580	Unicorn-21755.exe
2164	Unicorn-21489.exe
2216	Unicorn-12824.exe
2508	Unicorn-61645.exe
784	Unicorn-65276.exe
900	Unicorn-44887.exe
2308	Unicorn-57036.exe
1084	Unicorn-4768.exe
2620	Unicorn-57175.exe
2864	Unicorn-7859.exe
2820	Unicorn-37957.exe
2152	Unicorn-57823.exe
2900	Unicorn-335.exe
3056	Unicorn-46007.exe
2816	Unicorn-53598.exe
2700	Unicorn-53588.exe
2928	Unicorn-13516.exe
2120	Unicorn-38290.exe
2204	Unicorn-9396.exe
888	Unicorn-9396.exe
1180	Unicorn-6969.exe
1456	Unicorn-13099.exe
2980	Unicorn-46904.exe
1636	Unicorn-12575.exe
2004	Unicorn-52238.exe
2944	Unicorn-46078.exe
2428	Unicorn-4157.exe
3004	Unicorn-10022.exe
2484	Unicorn-7739.exe
560	Unicorn-38710.exe
1612	Unicorn-31531.exe
2124	Unicorn-45695.exe
1784	Unicorn-24571.exe
1552	Unicorn-59940.exe
1968	Unicorn-9346.exe
272	Unicorn-14831.exe
2540	Unicorn-51946.exe
2624	Unicorn-34960.exe

Loads dropped DLL 64 IoCs

pid	Process
2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe
2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe
2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe
2604	Unicorn-38221.exe
2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe
2604	Unicorn-38221.exe
2140	Unicorn-16402.exe
2140	Unicorn-16402.exe
2604	Unicorn-38221.exe
2760	Unicorn-64621.exe
2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe
2760	Unicorn-64621.exe
2604	Unicorn-38221.exe
2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe
2884	Unicorn-58443.exe
2884	Unicorn-58443.exe
2140	Unicorn-16402.exe
3052	Unicorn-27398.exe
2140	Unicorn-16402.exe
3052	Unicorn-27398.exe
2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe
2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe
2796	Unicorn-8147.exe
2812	Unicorn-32957.exe
2796	Unicorn-8147.exe
2812	Unicorn-32957.exe
2604	Unicorn-38221.exe
2760	Unicorn-64621.exe
2760	Unicorn-64621.exe
2604	Unicorn-38221.exe
2496	Unicorn-9283.exe
2496	Unicorn-9283.exe
2688	Unicorn-33217.exe
2688	Unicorn-33217.exe
3052	Unicorn-27398.exe
3052	Unicorn-27398.exe
2884	Unicorn-58443.exe
2884	Unicorn-58443.exe
1096	Unicorn-905.exe
1096	Unicorn-905.exe
2760	Unicorn-64621.exe
1188	Unicorn-37670.exe
1188	Unicorn-37670.exe
2760	Unicorn-64621.exe
2812	Unicorn-32957.exe
2812	Unicorn-32957.exe
2192	Unicorn-52407.exe
2192	Unicorn-52407.exe
2140	Unicorn-16402.exe
3016	Unicorn-64815.exe
2140	Unicorn-16402.exe
3016	Unicorn-64815.exe
2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe
2744	Unicorn-37670.exe
2604	Unicorn-38221.exe
2744	Unicorn-37670.exe
2604	Unicorn-38221.exe
2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe
2796	Unicorn-8147.exe
2796	Unicorn-8147.exe
836	Unicorn-39540.exe
836	Unicorn-39540.exe
2496	Unicorn-9283.exe
2496	Unicorn-9283.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1788	3004	WerFault.exe	83

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10044.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61044.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26424.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe
2604	Unicorn-38221.exe
2760	Unicorn-64621.exe
2140	Unicorn-16402.exe
2884	Unicorn-58443.exe
3052	Unicorn-27398.exe
2812	Unicorn-32957.exe
2796	Unicorn-8147.exe
2688	Unicorn-33217.exe
2496	Unicorn-9283.exe
2192	Unicorn-52407.exe
3016	Unicorn-64815.exe
2744	Unicorn-37670.exe
1096	Unicorn-905.exe
2576	Unicorn-14640.exe
1188	Unicorn-37670.exe
836	Unicorn-39540.exe
2416	Unicorn-48025.exe
880	Unicorn-52986.exe
1908	Unicorn-43644.exe
1796	Unicorn-25872.exe
3032	Unicorn-43294.exe
1064	Unicorn-24074.exe
1184	Unicorn-25714.exe
1736	Unicorn-19583.exe
992	Unicorn-34270.exe
1828	Unicorn-54136.exe
580	Unicorn-21755.exe
2216	Unicorn-12824.exe
2164	Unicorn-21489.exe
2508	Unicorn-61645.exe
784	Unicorn-65276.exe
900	Unicorn-44887.exe
2308	Unicorn-57036.exe
1084	Unicorn-4768.exe
2620	Unicorn-57175.exe
2864	Unicorn-7859.exe
2820	Unicorn-37957.exe
2152	Unicorn-57823.exe
2900	Unicorn-335.exe
3056	Unicorn-46007.exe
2816	Unicorn-53598.exe
2700	Unicorn-53588.exe
888	Unicorn-9396.exe
2928	Unicorn-13516.exe
1636	Unicorn-12575.exe
2120	Unicorn-38290.exe
1180	Unicorn-6969.exe
2204	Unicorn-9396.exe
1456	Unicorn-13099.exe
2004	Unicorn-52238.exe
2944	Unicorn-46078.exe
2980	Unicorn-46904.exe
2428	Unicorn-4157.exe
3004	Unicorn-10022.exe
560	Unicorn-38710.exe
2484	Unicorn-7739.exe
1968	Unicorn-9346.exe
272	Unicorn-14831.exe
2124	Unicorn-45695.exe
1612	Unicorn-31531.exe
2540	Unicorn-51946.exe
1552	Unicorn-59940.exe
1784	Unicorn-24571.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2604	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	30
PID 2188 wrote to memory of 2604	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	30
PID 2188 wrote to memory of 2604	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	30
PID 2188 wrote to memory of 2604	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	30
PID 2188 wrote to memory of 2760	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	33
PID 2188 wrote to memory of 2760	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	33
PID 2188 wrote to memory of 2760	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	33
PID 2188 wrote to memory of 2760	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	33
PID 2604 wrote to memory of 2140	2604	Unicorn-38221.exe	32
PID 2604 wrote to memory of 2140	2604	Unicorn-38221.exe	32
PID 2604 wrote to memory of 2140	2604	Unicorn-38221.exe	32
PID 2604 wrote to memory of 2140	2604	Unicorn-38221.exe	32
PID 2140 wrote to memory of 2884	2140	Unicorn-16402.exe	34
PID 2140 wrote to memory of 2884	2140	Unicorn-16402.exe	34
PID 2140 wrote to memory of 2884	2140	Unicorn-16402.exe	34
PID 2140 wrote to memory of 2884	2140	Unicorn-16402.exe	34
PID 2760 wrote to memory of 2796	2760	Unicorn-64621.exe	36
PID 2760 wrote to memory of 2796	2760	Unicorn-64621.exe	36
PID 2760 wrote to memory of 2796	2760	Unicorn-64621.exe	36
PID 2760 wrote to memory of 2796	2760	Unicorn-64621.exe	36
PID 2604 wrote to memory of 2812	2604	Unicorn-38221.exe	35
PID 2604 wrote to memory of 2812	2604	Unicorn-38221.exe	35
PID 2604 wrote to memory of 2812	2604	Unicorn-38221.exe	35
PID 2604 wrote to memory of 2812	2604	Unicorn-38221.exe	35
PID 2188 wrote to memory of 3052	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	37
PID 2188 wrote to memory of 3052	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	37
PID 2188 wrote to memory of 3052	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	37
PID 2188 wrote to memory of 3052	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	37
PID 2884 wrote to memory of 2688	2884	Unicorn-58443.exe	38
PID 2884 wrote to memory of 2688	2884	Unicorn-58443.exe	38
PID 2884 wrote to memory of 2688	2884	Unicorn-58443.exe	38
PID 2884 wrote to memory of 2688	2884	Unicorn-58443.exe	38
PID 2140 wrote to memory of 2192	2140	Unicorn-16402.exe	39
PID 2140 wrote to memory of 2192	2140	Unicorn-16402.exe	39
PID 2140 wrote to memory of 2192	2140	Unicorn-16402.exe	39
PID 2140 wrote to memory of 2192	2140	Unicorn-16402.exe	39
PID 3052 wrote to memory of 2496	3052	Unicorn-27398.exe	40
PID 3052 wrote to memory of 2496	3052	Unicorn-27398.exe	40
PID 3052 wrote to memory of 2496	3052	Unicorn-27398.exe	40
PID 3052 wrote to memory of 2496	3052	Unicorn-27398.exe	40
PID 2188 wrote to memory of 3016	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	41
PID 2188 wrote to memory of 3016	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	41
PID 2188 wrote to memory of 3016	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	41
PID 2188 wrote to memory of 3016	2188	77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe	41
PID 2796 wrote to memory of 2744	2796	Unicorn-8147.exe	43
PID 2796 wrote to memory of 2744	2796	Unicorn-8147.exe	43
PID 2796 wrote to memory of 2744	2796	Unicorn-8147.exe	43
PID 2796 wrote to memory of 2744	2796	Unicorn-8147.exe	43
PID 2812 wrote to memory of 1188	2812	Unicorn-32957.exe	42
PID 2812 wrote to memory of 1188	2812	Unicorn-32957.exe	42
PID 2812 wrote to memory of 1188	2812	Unicorn-32957.exe	42
PID 2812 wrote to memory of 1188	2812	Unicorn-32957.exe	42
PID 2760 wrote to memory of 1096	2760	Unicorn-64621.exe	45
PID 2760 wrote to memory of 1096	2760	Unicorn-64621.exe	45
PID 2760 wrote to memory of 1096	2760	Unicorn-64621.exe	45
PID 2760 wrote to memory of 1096	2760	Unicorn-64621.exe	45
PID 2604 wrote to memory of 2576	2604	Unicorn-38221.exe	44
PID 2604 wrote to memory of 2576	2604	Unicorn-38221.exe	44
PID 2604 wrote to memory of 2576	2604	Unicorn-38221.exe	44
PID 2604 wrote to memory of 2576	2604	Unicorn-38221.exe	44
PID 2496 wrote to memory of 836	2496	Unicorn-9283.exe	46
PID 2496 wrote to memory of 836	2496	Unicorn-9283.exe	46
PID 2496 wrote to memory of 836	2496	Unicorn-9283.exe	46
PID 2496 wrote to memory of 836	2496	Unicorn-9283.exe	46

C:\Users\Admin\AppData\Local\Temp\77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe
"C:\Users\Admin\AppData\Local\Temp\77ec523204273b3573aa222f6a4907291ea95b1d38727f8dfd2bd17bb1c4a746.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58443.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18753.exe
        8⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
        8⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        8⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
        8⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64119.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
        7⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        7⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        7⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
        7⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        7⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        7⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60297.exe
        7⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26148.exe
        6⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
        6⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36045.exe
        6⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57036.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
        7⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10374.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        7⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        7⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        6⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
        6⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        6⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20041.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
        6⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        6⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63069.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23279.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41527.exe
        6⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        6⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        5⤵
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30051.exe
        5⤵
        
        PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        5⤵
        
        PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54136.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe
        7⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        7⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        6⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13105.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        6⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46078.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7654.exe
        6⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        6⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
        6⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
        6⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
        5⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
        6⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        6⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32024.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
        5⤵
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35121.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
        5⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64225.exe
        5⤵
        
        PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3569.exe
        5⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
        6⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe
        5⤵
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        5⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30155.exe
      4⤵
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
        5⤵
        
        PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25489.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        5⤵
        
        PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55756.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55444.exe
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
      4⤵
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
      4⤵
      PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
      4⤵
      PID:5948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26441.exe
        7⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60126.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
        7⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        7⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe
        7⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64119.exe
        6⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        6⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        6⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        6⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46007.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        6⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        6⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48215.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        6⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
        5⤵
        
        PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41265.exe
        5⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64971.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
        5⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
        5⤵
        
        PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34270.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63053.exe
        6⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11108.exe
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
        6⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
        6⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
        5⤵
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        5⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
        5⤵
        
        PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42671.exe
        5⤵
        
        PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4029.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
        5⤵
        
        PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
      4⤵
      PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
      4⤵
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        5⤵
        Executes dropped EXE
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
        6⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64116.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        6⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        6⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27936.exe
        6⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
        5⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        5⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        5⤵
        
        PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
        5⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
      4⤵
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42051.exe
        5⤵
        
        PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10383.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
      4⤵
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34251.exe
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
      4⤵
      PID:6108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
        5⤵
        
        PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
        5⤵
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        5⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
      4⤵
      PID:692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
      4⤵
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
      4⤵
      PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
      4⤵
      PID:5364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
      4⤵
      PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25489.exe
      4⤵
      PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
      4⤵
      PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
      4⤵
      PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
      4⤵
      PID:5984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50469.exe
    3⤵
    PID:1264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
    3⤵
    PID:2344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
    3⤵
    PID:4900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1760.exe
    3⤵
    PID:5428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21755.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        7⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        7⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32150.exe
        6⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
        6⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        6⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
        6⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25489.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        6⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-99.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-99.exe
        5⤵
        
        PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        5⤵
        
        PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61645.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
        6⤵
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
        6⤵
        
        PID:676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        6⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65084.exe
        6⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        6⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        5⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        5⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
        5⤵
        
        PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18505.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38306.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28704.exe
      4⤵
      PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
      4⤵
      PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
      4⤵
      PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe
      4⤵
      PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35927.exe
      4⤵
      PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64225.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25872.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24278.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe
        7⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        7⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12688.exe
        7⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        6⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58428.exe
        6⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        6⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe
        5⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
        6⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        5⤵
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
        5⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49763.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        5⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        5⤵
        
        PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38290.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
        5⤵
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30972.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32024.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54658.exe
      4⤵
      PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38354.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6824.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
      4⤵
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52548.exe
      4⤵
      PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
      4⤵
      PID:5264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        6⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30773.exe
        6⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10870.exe
        6⤵
        
        PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
        5⤵
        
        PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48215.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
        5⤵
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64119.exe
      4⤵
      PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
      4⤵
      PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
      4⤵
      PID:5856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10022.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3004
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 188
      4⤵
      Program crash
      PID:1788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
    3⤵
    PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
    3⤵
    PID:3140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
    3⤵
    PID:4028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
    3⤵
    PID:3672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49796.exe
    3⤵
    PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27398.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27398.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65276.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        7⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        7⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
        7⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        7⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        6⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        6⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        6⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        6⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        6⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        6⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        6⤵
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19759.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
        6⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33697.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe
        6⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53029.exe
        5⤵
        
        PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        5⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        5⤵
        
        PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
        6⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        6⤵
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20400.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65084.exe
        6⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        6⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59564.exe
        5⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        5⤵
        
        PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49643.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        5⤵
        
        PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
        5⤵
        
        PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18824.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
      4⤵
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
      4⤵
      PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
      4⤵
      PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43644.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
        5⤵
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        5⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        5⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        5⤵
        
        PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
      4⤵
      PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
      4⤵
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
        5⤵
        
        PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
      4⤵
      PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
      4⤵
      PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
      4⤵
      PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
      4⤵
      PID:5760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53555.exe
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
      4⤵
      PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
      4⤵
      PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32024.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
    3⤵
    PID:1556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
    3⤵
    PID:640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50293.exe
    3⤵
    PID:3476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
    3⤵
    PID:4208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
    3⤵
    PID:3340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30228.exe
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
        5⤵
        
        PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10077.exe
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
      4⤵
      PID:5644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14831.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30272.exe
      4⤵
      PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
      4⤵
      PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe
      4⤵
      PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39196.exe
      4⤵
      PID:5748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
    3⤵
    PID:1532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
    3⤵
    PID:2440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36424.exe
    3⤵
    PID:3804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
    3⤵
    PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
    3⤵
    PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14945.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
    3⤵
    PID:5236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11951.exe
      4⤵
      PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51906.exe
      4⤵
      PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
      4⤵
      PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
      4⤵
      PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
      4⤵
      PID:5396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
    3⤵
    PID:612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18179.exe
    3⤵
    PID:3148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
    3⤵
    PID:3988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
    3⤵
    PID:3600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
    3⤵
    PID:5028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
    3⤵
    PID:5280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
    3⤵
    PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
    3⤵
    PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
    3⤵
    PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58549.exe
    3⤵
    PID:5076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
    3⤵
    PID:5400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
  2⤵
  PID:964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62663.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62663.exe
  2⤵
  PID:2792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
  2⤵
  PID:3432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37918.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37918.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
  2⤵
  PID:4688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
  2⤵
  PID:5976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe

Filesize
468KB

MD5
6d75fafaf8577536f17d0d36dc00f489

SHA1
071de4d672a6f4b7a5a10966235a8f07a621d3df

SHA256
9a79995880a6ad240d8ec17bfe232fe367402a38718b8b8bd93f70bb33dacb8b

SHA512
f3b4d8400f692bf29837dc5e4d5e4812825a04440896feaabacd414bb20d515638dd1052a985bfc5aee14420537a81531369f56e342fab7803c648a8a0e167ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe

Filesize
468KB

MD5
7c3ba3055622cc70066b400c78ccd3e1

SHA1
a515406f6500ea789a29182cc238a34f22e729e0

SHA256
59136be8101054470040074ea9dfcca5803da2609d412a449921ac967f08f683

SHA512
21fa3042804ad69c7c7f46b75d72b02d3b59f18c0a3d0ba286f486712d15bf4c0774a29498a134d3d82ca8b16162525826d442804a1cfebda2f4e017fd12b4ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27398.exe

Filesize
468KB

MD5
db90356dafcfb25d1b24dc628b687c9c

SHA1
cea20e66d27e93f9e2a9c6698976fad78663b65f

SHA256
aaaadcefbce8683716ebb2766dfdfdbbcfdd1a0792791ddf165b9b5f4913ba37

SHA512
cb6c466feb77035554dc8020d06db50e8b16af022b65064940c720f79c287d24ef1a2c1378c0341cdb76a11a45d390ce9366e1b095f1577f45f42dbf62944929

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe

Filesize
468KB

MD5
42b712c55b77ef7112f0e2795796eb5d

SHA1
5583912dbe5ddac816e9a6b679cced3ac07c70e3

SHA256
744b820879a4dea5b4fba38abb95a29aec236337949951df81518ec009eb73d9

SHA512
373642ebcdde4695e05715a3fce1913e0836b42810552513d82c8f388689089c97bb090cd8955bfd0c3beeeeda34947e94063c2ea6900dcabf00aa5fc132cd0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53029.exe

Filesize
468KB

MD5
8d22d7b70b246fdf5df6eab6d2164cda

SHA1
16ac9a3d7e766080364b4bafe72ebe96cba85c10

SHA256
07a69d3042ba39c7bc3ba0222f6d5cec9a58b0bbb3a86fd6475c98639779014f

SHA512
f5c7e94803948c4e104fac14255995ecc7496512213e1e1cdb3ce56323487e69a01ffadc96b4218b1711826cf3084f3ee80bed5242b97bd33aaa487e64444c14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe

Filesize
468KB

MD5
8ef6ccfd31c9c9fcf3109190e972591b

SHA1
41b78c3fd8e8e3b5ee4a1c608af1661d80c7e33d

SHA256
bfd2acb18c479b3b6eea5f6705f2d1e9d61c439ba08af0d1a15baeb52080bddb

SHA512
5b6b66670f10e230a6b9ab581dae1266299e5ad1817cf38d4879614d215fadf234a83b4d710b6175344a272d5a9a167bf418007521ea303c00fb387be604ce43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58443.exe

Filesize
468KB

MD5
289af48773ab2c81202b5336700e2503

SHA1
9c1498e5bb8aba2de8d9da3552a6efd39aed1606

SHA256
41268b9c042599e3cc49e7fb2d24a8ff25d1066e599301af6a597272354e060e

SHA512
c2b25ba625a88414f9990e87c35d2ce92dcaebe9f063e47698c88f7575ce02511d4640d0cf5d5a1a94724c7068f280eff12b308f70016de1ad3bbba26d5f5ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe

Filesize
468KB

MD5
d0db91c8d9a2e4c83982dad251dd54bd

SHA1
21365ee135657fea71da65a7be82b8078e5e77be

SHA256
96ccc906ef82ebab8ce94fd075d98d950a6ea16bc1389d1c5168eb965a9993aa

SHA512
0cd57607004bf29deb277b522ea458d28109a41304963943ac9d831906636129d49917d611da740538646d6e89351fb229f9b797df536d1e4848d858dbf9054c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe

Filesize
468KB

MD5
77d0449df05bebdeae0caa60dcefabb2

SHA1
465da14b5e8d98a8498feecc6bf0933f28e68b9c

SHA256
bd9665d20aaa53d1940b2a14a29da5bba3dcb83c9c6a2fe6d4edeb3df56ecc44

SHA512
e68a943db549b8e3980ac8c2378392f869e59197b297ff7894ea01952c91f311cca792bc830e6f0fed144eace6faa0bf7b74901e54ad0e227dbd82afee83036a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe

Filesize
468KB

MD5
11421d0f20c167cbfed266dac4ee8281

SHA1
ce69d0ec623da9bff0ec09fef445f7b00fd13b79

SHA256
c60b725b8e84c477f1002a7b1ea7c8cde302b5a3b45936d3a22dba9d57165dc9

SHA512
bd866df5fe48d2564d9558f4d9c59ba1eec276676ea154f460544292905779b15e7ac6d0aadd0aa03ef4e43725d06f2c1e17b73cd6fef231883859fc5717719b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe

Filesize
468KB

MD5
31eb90e94241b77f76aa2fd4b476d640

SHA1
122aad791ecdff7cf4578ce836c6938235c3955b

SHA256
44668b94600e661067b9f89417a54e4ea4d52d549d7bb873baef7d82e9a26233

SHA512
b217592e1eac424d646396e28265465160315aefd80c9f2e1bbbdcaf3900a2154a7d81b959e2e71e39ce9bff5c5bed5958797c98fffa777eeb3c7f5daf1dac4f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe

Filesize
468KB

MD5
1ae5c5a36788e1121742c3731803be10

SHA1
796c642637d9b621d3844460bf93d499aa3811eb

SHA256
4979bdf3c7ef39ca009f6742cf55aa89882c78fadc6e1b56972d2c853cb2cba8

SHA512
a7381c244ee22267df8fab4cd4b7a4b816b3673ed79621db4063cc647ba12b68868acd409b9936689fae6a8be72b67aa3f10cfc01bf6608815d91f84b9001d24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe

Filesize
468KB

MD5
2986d9d043aa6168a69de13052a177a0

SHA1
a18c36392014994ee63c51c0ddaf88f5c7456d2b

SHA256
db21612dccb1fca889c0231e95e5ec68374188553f85377a6186f89eb5c034da

SHA512
742b7a34a36dbb57d45e4b212c5de36050f94ed48008574d1fc61c8ec91fb9ac711dc5c412f7d999f2f1bfc29c08d13cbd1ac797fc95370810677ef642392912

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43644.exe

Filesize
468KB

MD5
281d6d7384d8e77625e8c5985380e4e0

SHA1
00d39ba6f9e7948d47222464b764c6b7f2920b3f

SHA256
974cae93def1515d9d05510f0724500330a04ec5e8f7a1722f1fd9d35462c060

SHA512
31f3ed01f9367c9d16519bc1b529a8eedefac152da57844babaf556a8f172b4209647c6a332be0915b3069a3672d2077e3ff3c9a01ad9711a89ed473564b9340

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe

Filesize
468KB

MD5
ee427372d22596a6237c176d85f30a5b

SHA1
18ca85ebae26296eb920f08afe16f616e1ba77a1

SHA256
2d6d2a133465c133a97460ac104830c9c431fa364f05d81e3c4fded4b13d854d

SHA512
edd598a62ccca5175765a14e7ccc749cd288946b9342c441a5edc6548e626e418b93d2bf3afba70cbec44d6f37a656baea3c30e81972473a06009d468cf95194

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe

Filesize
468KB

MD5
4293cead663d11dc9d7ad77c6913206c

SHA1
e05982f71d7d3471d652268f7d38b92228700bb7

SHA256
d1d6d10399072ff2c236196801548020ba465523a704f49230e357db5baaffb1

SHA512
8ca02d57264eff16ed43db593763e42ad1eeeb835dd3b16288cfd26149d338dd764b63d122e524548710b40eb9c59869f14a94941956bd02fba6580d12cb1b4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe

Filesize
468KB

MD5
87c8d6553ce24977ebf9ea6759ad647b

SHA1
ec6ed87e5f4e1c8a3db465f5035f78ab0f0eba65

SHA256
7efc17d2a0b23693d60f0e179184e73f324bf07a21ee54e5f95f91c28f7613dc

SHA512
e8d027880980e4dc25db2c42c71073b8f9f0a9ff9711e8527f322d3c3a727da37a2b0d660b6ec6ebce340ccb40fea7e21d3244b52e956c5f89537f83fc7a6895

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe

Filesize
468KB

MD5
54666a661339cac7125820a1c0b9358c

SHA1
bfa1ee978991f3366945d43c8533bf31d726b814

SHA256
f0e0ddc4c18260891381b50dedc502f89add34192a3fdbfba167ff421d4c75d5

SHA512
698649cdb68c8d9a941297e42f183be536f46db14391f20df3ae49ccc4911041ffdd5b3e6cfba89efcf4c74909eb2fe8df8bd140c99896f54e6843b9694af8d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe

Filesize
468KB

MD5
291a37a8494e123a4c1185906040eeb0

SHA1
253c1de8929227107adf0c46b780efba9a34eea6

SHA256
3e6c6408fe403692a9d85a91aa6bdebea6f36a233d1494b7e7551ef38f03d62c

SHA512
dff9206dae53238aa43d2bbd63d33059802b1895c0631957e92dad8cf389a120a9ca94002009c0d8522b7605483a8f9a66aded2a25c0b27977a457b24eaf870d

Download Submit