fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 03:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe
Size

468KB
MD5

3f5308c88bfbc1b3ffffd813925e06ed
SHA1

d93b1695aeb61372484f4a63b9395a5dd57473f8
SHA256

fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709
SHA512

de95bb206ea0b43cb3db358ba527d09efce00204f88edbf3b945e46cb3842c06128963f812d9adbedd5c131a7700068cbc102e16a9bc620dba770cf2c9a30490
SSDEEP

3072:1aoXoEXvt05RFbY/H5mwWf8buCl7H0pknLHt4VHhiP/FSex4UqlVt:1a4oQ8RFoHIwWfcYW+iPNFx4U+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1668	Unicorn-58100.exe
2560	Unicorn-42693.exe
2936	Unicorn-30440.exe
2784	Unicorn-22036.exe
2884	Unicorn-26334.exe
3052	Unicorn-4718.exe
2232	Unicorn-42094.exe
2628	Unicorn-22816.exe
2132	Unicorn-36473.exe
2084	Unicorn-38851.exe
2920	Unicorn-16384.exe
1196	Unicorn-22515.exe
1992	Unicorn-24938.exe
2968	Unicorn-5337.exe
1900	Unicorn-31420.exe
3020	Unicorn-17221.exe
2144	Unicorn-64201.exe
2248	Unicorn-20642.exe
1932	Unicorn-20642.exe
3064	Unicorn-32462.exe
2672	Unicorn-14594.exe
1644	Unicorn-55016.exe
972	Unicorn-12837.exe
1684	Unicorn-54632.exe
1704	Unicorn-64262.exe
336	Unicorn-50527.exe
608	Unicorn-4855.exe
1492	Unicorn-4855.exe
1536	Unicorn-11326.exe
868	Unicorn-10880.exe
2488	Unicorn-26833.exe
2328	Unicorn-4366.exe
2384	Unicorn-40983.exe
2320	Unicorn-1363.exe
2056	Unicorn-595.exe
2544	Unicorn-46267.exe
596	Unicorn-49220.exe
2740	Unicorn-60661.exe
2780	Unicorn-13572.exe
2252	Unicorn-17399.exe
3016	Unicorn-18359.exe
2468	Unicorn-3257.exe
2492	Unicorn-48929.exe
860	Unicorn-64004.exe
2336	Unicorn-52266.exe
2704	Unicorn-40948.exe
2124	Unicorn-41213.exe
2952	Unicorn-24109.exe
752	Unicorn-14102.exe
1416	Unicorn-7388.exe
2976	Unicorn-7388.exe
1884	Unicorn-33328.exe
1168	Unicorn-37190.exe
3012	Unicorn-25162.exe
2820	Unicorn-34864.exe
2200	Unicorn-37657.exe
2004	Unicorn-64054.exe
2152	Unicorn-64054.exe
436	Unicorn-64054.exe
908	Unicorn-56442.exe
944	Unicorn-61843.exe
2044	Unicorn-61651.exe
1072	Unicorn-28402.exe
568	Unicorn-30213.exe

Loads dropped DLL 64 IoCs

pid	Process
2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe
2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe
1668	Unicorn-58100.exe
1668	Unicorn-58100.exe
2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe
2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe
2560	Unicorn-42693.exe
1668	Unicorn-58100.exe
1668	Unicorn-58100.exe
2560	Unicorn-42693.exe
2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe
2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe
2936	Unicorn-30440.exe
2936	Unicorn-30440.exe
2884	Unicorn-26334.exe
2884	Unicorn-26334.exe
2560	Unicorn-42693.exe
2560	Unicorn-42693.exe
3052	Unicorn-4718.exe
3052	Unicorn-4718.exe
1668	Unicorn-58100.exe
1668	Unicorn-58100.exe
2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe
2232	Unicorn-42094.exe
2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe
2936	Unicorn-30440.exe
2232	Unicorn-42094.exe
2936	Unicorn-30440.exe
2628	Unicorn-22816.exe
2628	Unicorn-22816.exe
2884	Unicorn-26334.exe
2884	Unicorn-26334.exe
2784	Unicorn-22036.exe
2784	Unicorn-22036.exe
2084	Unicorn-38851.exe
2084	Unicorn-38851.exe
2132	Unicorn-36473.exe
2132	Unicorn-36473.exe
3052	Unicorn-4718.exe
2560	Unicorn-42693.exe
3052	Unicorn-4718.exe
2560	Unicorn-42693.exe
1992	Unicorn-24938.exe
1992	Unicorn-24938.exe
2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe
2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe
1196	Unicorn-22515.exe
1196	Unicorn-22515.exe
2936	Unicorn-30440.exe
2936	Unicorn-30440.exe
2232	Unicorn-42094.exe
2232	Unicorn-42094.exe
2920	Unicorn-16384.exe
2968	Unicorn-5337.exe
2920	Unicorn-16384.exe
2968	Unicorn-5337.exe
1668	Unicorn-58100.exe
1668	Unicorn-58100.exe
3020	Unicorn-17221.exe
3020	Unicorn-17221.exe
2884	Unicorn-26334.exe
1900	Unicorn-31420.exe
1900	Unicorn-31420.exe
2884	Unicorn-26334.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2224	2820	WerFault.exe	85

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25098.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe
1668	Unicorn-58100.exe
2560	Unicorn-42693.exe
2936	Unicorn-30440.exe
2884	Unicorn-26334.exe
2784	Unicorn-22036.exe
2232	Unicorn-42094.exe
3052	Unicorn-4718.exe
2628	Unicorn-22816.exe
2132	Unicorn-36473.exe
2084	Unicorn-38851.exe
2968	Unicorn-5337.exe
1992	Unicorn-24938.exe
1196	Unicorn-22515.exe
2920	Unicorn-16384.exe
3020	Unicorn-17221.exe
1900	Unicorn-31420.exe
2144	Unicorn-64201.exe
2248	Unicorn-20642.exe
1932	Unicorn-20642.exe
3064	Unicorn-32462.exe
2672	Unicorn-14594.exe
1644	Unicorn-55016.exe
1684	Unicorn-54632.exe
1704	Unicorn-64262.exe
972	Unicorn-12837.exe
336	Unicorn-50527.exe
1492	Unicorn-4855.exe
608	Unicorn-4855.exe
1536	Unicorn-11326.exe
868	Unicorn-10880.exe
2328	Unicorn-4366.exe
2488	Unicorn-26833.exe
2384	Unicorn-40983.exe
2544	Unicorn-46267.exe
596	Unicorn-49220.exe
2056	Unicorn-595.exe
2320	Unicorn-1363.exe
2780	Unicorn-13572.exe
2740	Unicorn-60661.exe
2252	Unicorn-17399.exe
3016	Unicorn-18359.exe
2468	Unicorn-3257.exe
2492	Unicorn-48929.exe
860	Unicorn-64004.exe
2336	Unicorn-52266.exe
752	Unicorn-14102.exe
2124	Unicorn-41213.exe
2704	Unicorn-40948.exe
2952	Unicorn-24109.exe
1416	Unicorn-7388.exe
1884	Unicorn-33328.exe
1168	Unicorn-37190.exe
3012	Unicorn-25162.exe
2820	Unicorn-34864.exe
2200	Unicorn-37657.exe
436	Unicorn-64054.exe
2004	Unicorn-64054.exe
2152	Unicorn-64054.exe
944	Unicorn-61843.exe
908	Unicorn-56442.exe
2044	Unicorn-61651.exe
1072	Unicorn-28402.exe
568	Unicorn-30213.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2588 wrote to memory of 1668	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	31
PID 2588 wrote to memory of 1668	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	31
PID 2588 wrote to memory of 1668	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	31
PID 2588 wrote to memory of 1668	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	31
PID 1668 wrote to memory of 2560	1668	Unicorn-58100.exe	32
PID 1668 wrote to memory of 2560	1668	Unicorn-58100.exe	32
PID 1668 wrote to memory of 2560	1668	Unicorn-58100.exe	32
PID 1668 wrote to memory of 2560	1668	Unicorn-58100.exe	32
PID 2588 wrote to memory of 2936	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	33
PID 2588 wrote to memory of 2936	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	33
PID 2588 wrote to memory of 2936	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	33
PID 2588 wrote to memory of 2936	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	33
PID 1668 wrote to memory of 2784	1668	Unicorn-58100.exe	35
PID 1668 wrote to memory of 2784	1668	Unicorn-58100.exe	35
PID 1668 wrote to memory of 2784	1668	Unicorn-58100.exe	35
PID 1668 wrote to memory of 2784	1668	Unicorn-58100.exe	35
PID 2560 wrote to memory of 2884	2560	Unicorn-42693.exe	34
PID 2560 wrote to memory of 2884	2560	Unicorn-42693.exe	34
PID 2560 wrote to memory of 2884	2560	Unicorn-42693.exe	34
PID 2560 wrote to memory of 2884	2560	Unicorn-42693.exe	34
PID 2588 wrote to memory of 3052	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	36
PID 2588 wrote to memory of 3052	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	36
PID 2588 wrote to memory of 3052	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	36
PID 2588 wrote to memory of 3052	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	36
PID 2936 wrote to memory of 2232	2936	Unicorn-30440.exe	37
PID 2936 wrote to memory of 2232	2936	Unicorn-30440.exe	37
PID 2936 wrote to memory of 2232	2936	Unicorn-30440.exe	37
PID 2936 wrote to memory of 2232	2936	Unicorn-30440.exe	37
PID 2884 wrote to memory of 2628	2884	Unicorn-26334.exe	38
PID 2884 wrote to memory of 2628	2884	Unicorn-26334.exe	38
PID 2884 wrote to memory of 2628	2884	Unicorn-26334.exe	38
PID 2884 wrote to memory of 2628	2884	Unicorn-26334.exe	38
PID 2560 wrote to memory of 2132	2560	Unicorn-42693.exe	39
PID 2560 wrote to memory of 2132	2560	Unicorn-42693.exe	39
PID 2560 wrote to memory of 2132	2560	Unicorn-42693.exe	39
PID 2560 wrote to memory of 2132	2560	Unicorn-42693.exe	39
PID 3052 wrote to memory of 2084	3052	Unicorn-4718.exe	40
PID 3052 wrote to memory of 2084	3052	Unicorn-4718.exe	40
PID 3052 wrote to memory of 2084	3052	Unicorn-4718.exe	40
PID 3052 wrote to memory of 2084	3052	Unicorn-4718.exe	40
PID 1668 wrote to memory of 2920	1668	Unicorn-58100.exe	41
PID 1668 wrote to memory of 2920	1668	Unicorn-58100.exe	41
PID 1668 wrote to memory of 2920	1668	Unicorn-58100.exe	41
PID 1668 wrote to memory of 2920	1668	Unicorn-58100.exe	41
PID 2588 wrote to memory of 1992	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	42
PID 2588 wrote to memory of 1992	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	42
PID 2588 wrote to memory of 1992	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	42
PID 2588 wrote to memory of 1992	2588	fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe	42
PID 2232 wrote to memory of 1196	2232	Unicorn-42094.exe	43
PID 2232 wrote to memory of 1196	2232	Unicorn-42094.exe	43
PID 2232 wrote to memory of 1196	2232	Unicorn-42094.exe	43
PID 2232 wrote to memory of 1196	2232	Unicorn-42094.exe	43
PID 2936 wrote to memory of 2968	2936	Unicorn-30440.exe	44
PID 2936 wrote to memory of 2968	2936	Unicorn-30440.exe	44
PID 2936 wrote to memory of 2968	2936	Unicorn-30440.exe	44
PID 2936 wrote to memory of 2968	2936	Unicorn-30440.exe	44
PID 2628 wrote to memory of 1900	2628	Unicorn-22816.exe	45
PID 2628 wrote to memory of 1900	2628	Unicorn-22816.exe	45
PID 2628 wrote to memory of 1900	2628	Unicorn-22816.exe	45
PID 2628 wrote to memory of 1900	2628	Unicorn-22816.exe	45
PID 2884 wrote to memory of 3020	2884	Unicorn-26334.exe	46
PID 2884 wrote to memory of 3020	2884	Unicorn-26334.exe	46
PID 2884 wrote to memory of 3020	2884	Unicorn-26334.exe	46
PID 2884 wrote to memory of 3020	2884	Unicorn-26334.exe	46

C:\Users\Admin\AppData\Local\Temp\fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe
"C:\Users\Admin\AppData\Local\Temp\fa3bc096ed4f2113e97b38c0c1892df2b0ec19cfb7f8c4b7a8bea939efc9f709.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64054.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45978.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44214.exe
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
        8⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19654.exe
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7783.exe
        8⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        7⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5053.exe
        7⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35046.exe
        7⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64054.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        7⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57485.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        6⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
        6⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35739.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30584.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63520.exe
        6⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10880.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        7⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        7⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
        7⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        7⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        7⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        7⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
        6⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        6⤵
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
        6⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
        6⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4366.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64054.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57789.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2170.exe
        7⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        6⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45257.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
        7⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19654.exe
        7⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        7⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
        6⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
        6⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        5⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        5⤵
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33147.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63520.exe
        5⤵
        
        PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-595.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        7⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64032.exe
        7⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5333.exe
        7⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
        6⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
        7⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        7⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        7⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27186.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        6⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 188
        6⤵
        Program crash
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
        5⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe
        5⤵
        
        PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14594.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
        6⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe
        7⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        5⤵
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
        5⤵
        
        PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40948.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        5⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        5⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32765.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3119.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        5⤵
        
        PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16432.exe
      4⤵
      PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12886.exe
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
      4⤵
      PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22036.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9697.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        7⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51585.exe
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6577.exe
        7⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
        6⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
        6⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
        6⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        6⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        6⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        5⤵
        
        PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12769.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54335.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        5⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        5⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        6⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        5⤵
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
      4⤵
      PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
      4⤵
      PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      4⤵
      PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
      4⤵
      PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17527.exe
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
        6⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        6⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        6⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        5⤵
        
        PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        5⤵
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28199.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13105.exe
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
        5⤵
        
        PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
      4⤵
      PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
      4⤵
      PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
      4⤵
      PID:5848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11326.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
      4⤵
      PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
      4⤵
      PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
      4⤵
      PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
      4⤵
      PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
      4⤵
      PID:5888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56442.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
    3⤵
    PID:2300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
    3⤵
    PID:3208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33844.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4315.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22515.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3257.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        7⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        6⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
        6⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17527.exe
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60250.exe
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37752.exe
        7⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64032.exe
        6⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33853.exe
        6⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        6⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
        5⤵
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
        6⤵
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27987.exe
        6⤵
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe
        6⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        6⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        5⤵
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
        6⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33450.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
        5⤵
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57860.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        5⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
        5⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28070.exe
        6⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
        6⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7783.exe
        6⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        5⤵
        
        PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
      4⤵
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
        5⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        5⤵
        
        PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2912.exe
      4⤵
      PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33147.exe
      4⤵
      PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55375.exe
      4⤵
      PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
      4⤵
      PID:5424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        6⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37350.exe
        7⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25371.exe
        7⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
        6⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39295.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        6⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
        5⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
        5⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58072.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26429.exe
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32984.exe
        6⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        5⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32765.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
        5⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
        5⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        5⤵
        
        PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
        5⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        5⤵
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61112.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
      4⤵
      PID:5084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64262.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7388.exe
      4⤵
      Executes dropped EXE
      PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        5⤵
        
        PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51585.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
        5⤵
        
        PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
      4⤵
      PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25162.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
      4⤵
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31953.exe
      4⤵
      PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
      4⤵
      PID:4092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23910.exe
    3⤵
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
      4⤵
      PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
      4⤵
      PID:5116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
    3⤵
    PID:3336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12886.exe
    3⤵
    PID:4000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
    3⤵
    PID:4852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
    3⤵
    PID:4572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18596.exe
        6⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
        6⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        6⤵
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64371.exe
        5⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8982.exe
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        5⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
        5⤵
        
        PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5008.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        5⤵
        
        PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44167.exe
      4⤵
      PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
      4⤵
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
      4⤵
      PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63520.exe
      4⤵
      PID:4368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17399.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        5⤵
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19891.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        5⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        5⤵
        
        PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
      4⤵
      PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
      4⤵
      PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
      4⤵
      PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
      4⤵
      PID:5252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
      4⤵
      PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
      4⤵
      PID:5476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
      4⤵
      PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
      4⤵
      PID:4424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
    3⤵
    PID:3524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
    3⤵
    PID:3992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
    3⤵
    PID:4252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17007.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24938.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24938.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24109.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        5⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28454.exe
        6⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
        6⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57645.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61092.exe
        6⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18673.exe
        5⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
        5⤵
        
        PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
      4⤵
      PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe
      4⤵
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
      4⤵
      PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe
      4⤵
      PID:5804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
      4⤵
      PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
      4⤵
      PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5333.exe
      4⤵
      PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
      4⤵
      PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
      4⤵
      PID:6116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17493.exe
    3⤵
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
    3⤵
    PID:3096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
    3⤵
    PID:2392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
    3⤵
    PID:4556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
    3⤵
    PID:5432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12837.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12837.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41213.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
      4⤵
      PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
      4⤵
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
      4⤵
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27932.exe
      4⤵
      PID:4684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
    3⤵
    PID:1320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
    3⤵
    PID:3828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
    3⤵
    PID:3460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
    3⤵
    PID:4612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
    3⤵
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
      4⤵
      PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
      4⤵
      PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51585.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
      4⤵
      PID:5404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8287.exe
    3⤵
    PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
    3⤵
    PID:3588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63510.exe
    3⤵
    PID:3980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
    3⤵
    PID:4524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
  2⤵
  PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
    3⤵
    PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe
    3⤵
    PID:4452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
    3⤵
    PID:3756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
    3⤵
    PID:5796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12602.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12602.exe
  2⤵
  PID:1080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51557.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51557.exe
  2⤵
  PID:4064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26353.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26353.exe
  2⤵
  PID:4868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27838.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27838.exe
  2⤵
  PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22036.exe

Filesize
468KB

MD5
1fd154bc32bc713dc57af917718173f8

SHA1
be318c571869ad90a47785db5d0875a8dba918a2

SHA256
72743c5ae3ffa4ecb356b4752c2d09fa8285c456e002b3bc372eca18ea34bc9a

SHA512
bab43cdba77ca9ee4753a7b108be464ef2f3485ca3fc467a4a89e408935951980ee266fe6eba740cc57267e78a0638482adaa2d2db26c588881535e8b2f829ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22515.exe

Filesize
468KB

MD5
601266db46cbbb767795089caa4a05f7

SHA1
4c8dce6f4485e4f1427cfcc774c82689d67d411f

SHA256
7f5cf232079fcebef122484169e5ccafdab2edb96ac8980469a6499d2cc854ca

SHA512
fd413abaf08db483c6b3d8b39b6c4102e7532294c7cd5c0a7aa5de74c04cfd831af2cf08246faf68cc7ea9c0ac2f4c135772060d332f5211e2be16ae8df12f74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24938.exe

Filesize
468KB

MD5
5b19c622ed6ed4cbe4e842c2cbef7442

SHA1
90ee1ec151f47fc3ffc42e35062e6cba791de6a7

SHA256
33d70ef871530523f7d6438ee97dd859313ba07ca521f57fa2427344d4ebc6fb

SHA512
558f18296335e28669a4b19a9eb5d366413aacbc4139003295e526677222ac6415e403bd51961006ac53ac64cbdb3be115bceafd517744141aca0909d476489e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe

Filesize
468KB

MD5
38110aa2491db5ba7adfad8c29b55a71

SHA1
8d8e438382092e9c9e3262dcdd2b4b5bc9d4506d

SHA256
37b1346e70c9e09b51759ccdf9d210d3c93590f0c85b907d2c9a07e54ec875cf

SHA512
1582e9c4131a40075927ba4ab131a17d3e433bf15bd7f0c44dd507a2deb4286ef7ffa0845dec815fd7265746991b0f0740af60c0d3d9d9ba38b341e2a11e9172

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe

Filesize
468KB

MD5
eb87aae4f33fd32d1d09bfa5ba4b0452

SHA1
3566566f565988dfe65f6447f723b25efc081930

SHA256
6cd952e3bd6c3cec44c7814a091fc80958d6f611809816402985a374671450ff

SHA512
8a34941e8f45571cb2bb237ceb5cb12087170e4d390d864f156e76aa0facdfaaef7f22c861825aff601ef9504ccf105aca9797c32d3bdc1b7e93ac75c4a107c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe

Filesize
468KB

MD5
3db86d085f0110c415c07f6f46c27a1d

SHA1
8bd63e327d88ac28b55949113e835d221f9c9b01

SHA256
d3813e4fb6150ac29937c651879c51bd9896af4038053ddc08562e0327f164a0

SHA512
be4c2f7b6723a0cfbe3b04a59b6b18cf52763c6dfb3d9889c814a83ded8b57037004971202bcbb044cbf3ef3869b8a9e968d89f21326b9c20767f34f23763633

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe

Filesize
468KB

MD5
aba1ec238913a3466b6b9e70ad2f7eee

SHA1
ab2a7de674e8051c714d13ae1abd0e2072f8bc10

SHA256
5706c94a855a204179f4cf836940e2b91d34d5614bae9d77f052eebec3036213

SHA512
f845a9422f80b488a8c5a6b7586b8c435a3a121bb568db1d038de0ddbef28bb6a1cfca69a827f03fd2d6beeeb93f8320414370fb67d244dba4dedb4276d7185e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exe

Filesize
468KB

MD5
69a45e5da94f2fd1f87adba47e26b9f3

SHA1
ef55a8ab5ffc5fe038fd4ece9470a5287fe8bb9e

SHA256
5eab2fbf949ed26e0ccba2128a06effc588862f776c3457eca6e1702da34f041

SHA512
44219db0d75bd37926140cf96349a7fb5e257390ca5c5c88623f3070d3789fc72c4cb2d0d8859e9a9848b6aa011039e47f1f8cd7a875db66be852a52f5f928d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe

Filesize
468KB

MD5
53b1350591d13f18a2a344431cba67c4

SHA1
722bfb61e9526a907c44c66c105212e0bd127d50

SHA256
4c570d0f2463f96642c9a21f8deb89bba54da9df2a36f3599e2072fb85c7f113

SHA512
826d0a56a3c89eca0e3bb582fb488cba524ad611d7a6116db3d3fb10afe223dc528adf7c04eccd55cfb38c472268b75daed20edcde706bc509d9a41111e8c788

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe

Filesize
468KB

MD5
f6fbdd5c928bcfbe5aa947af1f890583

SHA1
e5555b56023e3008521407018fb16bd56b0f3410

SHA256
a2e8bc7f291eb233ef167cbcc2d7258f0dcb7f27641dddd47be1787220a060c5

SHA512
ddd5de0a64f4462ff05d4a462431e884d4db10b05c7e1df23a736887306e217215a2fa6ee3d260bd2b7e634eea94ca627665d734c198e828dd3d22fff514ba8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe

Filesize
468KB

MD5
85087080dadde47fd9ab51ffd0eb3434

SHA1
300dfb14f53fa00ac1b92834b98fe70df0a63c3a

SHA256
e7a00902fbc3bfaf7c29ff94849d4e01177139c2379bc2f66e08c9f3b808c443

SHA512
c002226744c71433f5aae933815fe4d56c46b6b3c16a8d30d2be697e155d3cdce006ac9055d1abbcf2cc1e4af0e2933b1ab1bd6a1f4f2ea4f1972ae4dac08fe5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe

Filesize
468KB

MD5
3689bf69df2242590cd6f6015de6db1b

SHA1
b339fb99cf8fd75bff8b0cb42122977e80f1c46c

SHA256
7ed29e955dc6ebb6f1ab69c7f18723187c318b617d95866f12c575a22f122df3

SHA512
e0015987e2ca1062f2487cfbe32ef83bfcf0b11cfef479285c9b60279781ab67de662b93df49df11ce6d094e0199c40d091bb7f777addf5f7679d307613da701

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe

Filesize
468KB

MD5
06e08558f090ccc8ad7b614bc4002764

SHA1
8a0878885769f316bb6da0bb8fa0a70a99c16fa7

SHA256
4a8b9b1002e903b7623f836cf65a7a5c5346983d54af9e41c9e85b5f3ce3dfc2

SHA512
688f1dee76571ea49b126145850dab3c8425bbafb8a226e0ee8360b7d7f2ad322e70dcdbb6997a8b4ed9e8f4d2fef66b2b917d628bbcdc82e5df51a1aa2a54c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe

Filesize
468KB

MD5
547a2a8d50c2b1886b412f90ca3887db

SHA1
262e8f199bb598ff5e2894ad3c61de806dbccc39

SHA256
d64d4edda5489ffed9890aaa62190ca1094b6eec291aea4157ce7df9c2482701

SHA512
46b202ca94a2ee630b6145113f4a7789e7a3a445691036f028da84ac5615c731a9f7cf4944fa5428d8e3cb718f15b154fda7e44725179d6f0c5b3006de78e9bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe

Filesize
468KB

MD5
8cefd03f16df845f3a0ea657d2126b10

SHA1
79dbb3d440cfe9035309c7fa3924508ac376a4e6

SHA256
010afef76c5abfd5d5e7126833674f090d4a79a637e72556d22c9609960c267b

SHA512
0bb68b77fd08c1cff18b5bd48c2cfffed39d9f66415b3b200b7dbb050979ae7dac1784c5fa9f5893ad0ea99d59038d72c52385696431ce812f770051ad873202

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe

Filesize
468KB

MD5
aa594fe095307499054a204df4e1543a

SHA1
6d6d9b664d63699ebd75234e0026a2258c54d41c

SHA256
3eade90871cc79016b60c24195f430c195b1ec5eb525f608ebb8c3c866623ed4

SHA512
80a7d6d6daeef56398d60f9c1f23f42ee589741589c7e7c570ee8034184f7673e3d92ed1ecdfa1b824d7f2d170a75d59a2d5e147658b95a13bef5b83789775b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe

Filesize
468KB

MD5
4b25e9de136a6bac4467fa60e0543b97

SHA1
ef568de263fe1bda888996fbac94115bfc448431

SHA256
a0617c723e5a95bb41b132fe8c1d154d55ee1639a3ba320b814e0f74e436b959

SHA512
dd5cf4e9b3a1018b04a1c55ccb5537c57f81733f6f1dc441e6d42765db445a4584478330dbb7b195d43603111433c80f7eadab75de20eaebdd8bce45efa75769

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe

Filesize
468KB

MD5
38b6894b4d970f348d54097bff32b9c5

SHA1
d48fc4d74c1df9ed1860a2a078b9cc7f2a6630a4

SHA256
0409ff7614314450733165e82eb41031b18f8406ca7d7ed2087e2f87c004b14a

SHA512
05aea6c3d3b7e3cc1821d48148086ddf612473100ad5d2f35e1e60b30d6f489ef423c2fc709f09540ce364dc2224926f509ea32825193353c0b5cc914fbed690

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe

Filesize
468KB

MD5
2c3183bfb4a6f2bc0fd915b59e12cf4d

SHA1
e05b978f825b968ad8a61b421d63ae322a7ddb5f

SHA256
b68a4ffcc4c114e049addc1463e01fcc5536dc829bba4c230b7823ba27baa2a0

SHA512
b81b1980422e094954a898549e73d63f2302255ddae213394fe3c521f18e20cad6028b3256c3a72b9ea2ab37726bd3b824022ed549f24dba988962faa91d530f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe

Filesize
468KB

MD5
010d62d455fd837a4e78e714e760fbea

SHA1
ede762637a70e492a2d0bdf223c060991ec169cf

SHA256
77024c03f03ddceee67432b7271d24716fbfbba3369c061d66fb1af0ba15c566

SHA512
786bb23730df971c9f371590ec915ece1cc2747b10fe505d524a15fac03b987a2ae028ea37a5d000ec23c8d750d8e0df12e65a461f9a114d516098b6e943845f

Download Submit