27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 04:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe
Size

468KB
MD5

ba40d5a6a8982767a768de8ea67b7d0f
SHA1

4bbc50b59ee0755310e2c0bb6f32ae0964605f92
SHA256

27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85
SHA512

767d74c125f816da7ea5a6fc1f8421e65db5203aa89d85da24eea4ed164e7357a622e1940619e7ad8f645df0a7f96792c5165ef797c9cfcda7a10fc4dc939acf
SSDEEP

3072:cbjeogWCId5ItbYkPztjof8BPCMvPgpan0He/fqPQlM8RMKLkflQ0:cbioxbItTPJjof+c+kQl16KLkn

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2588	Unicorn-25868.exe
2376	Unicorn-56926.exe
316	Unicorn-10527.exe
2552	Unicorn-57907.exe
2928	Unicorn-49547.exe
2204	Unicorn-29681.exe
2708	Unicorn-24423.exe
2856	Unicorn-15595.exe
2740	Unicorn-28402.exe
2732	Unicorn-39908.exe
1968	Unicorn-33092.exe
2984	Unicorn-38958.exe
776	Unicorn-19357.exe
1984	Unicorn-39223.exe
592	Unicorn-25383.exe
2276	Unicorn-9368.exe
1728	Unicorn-62527.exe
2156	Unicorn-37848.exe
1904	Unicorn-30064.exe
1636	Unicorn-10198.exe
848	Unicorn-47750.exe
1556	Unicorn-48512.exe
1044	Unicorn-34021.exe
236	Unicorn-65424.exe
1460	Unicorn-16224.exe
1704	Unicorn-40728.exe
1604	Unicorn-48896.exe
2580	Unicorn-20670.exe
1468	Unicorn-60551.exe
2200	Unicorn-46986.exe
1876	Unicorn-3758.exe
880	Unicorn-6457.exe
1656	Unicorn-13208.exe
2400	Unicorn-24138.exe
1660	Unicorn-40785.exe
1584	Unicorn-65362.exe
2220	Unicorn-13675.exe
1780	Unicorn-25757.exe
2916	Unicorn-8579.exe
2900	Unicorn-57853.exe
2876	Unicorn-17971.exe
2848	Unicorn-59773.exe
2920	Unicorn-59773.exe
1456	Unicorn-32537.exe
1672	Unicorn-37713.exe
2724	Unicorn-18165.exe
2260	Unicorn-54044.exe
2104	Unicorn-34370.exe
1724	Unicorn-54236.exe
480	Unicorn-21372.exe
636	Unicorn-29377.exe
1884	Unicorn-44444.exe
1248	Unicorn-24578.exe
2012	Unicorn-40722.exe
1960	Unicorn-53498.exe
1688	Unicorn-58559.exe
2252	Unicorn-58559.exe
2320	Unicorn-63582.exe
1784	Unicorn-38885.exe
1708	Unicorn-61247.exe
1196	Unicorn-19063.exe
1720	Unicorn-12932.exe
1796	Unicorn-24277.exe
1892	Unicorn-47158.exe

Loads dropped DLL 64 IoCs

pid	Process
2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe
2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe
2588	Unicorn-25868.exe
2588	Unicorn-25868.exe
2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe
2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe
2376	Unicorn-56926.exe
2376	Unicorn-56926.exe
316	Unicorn-10527.exe
316	Unicorn-10527.exe
2588	Unicorn-25868.exe
2588	Unicorn-25868.exe
2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe
2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe
2928	Unicorn-49547.exe
2928	Unicorn-49547.exe
316	Unicorn-10527.exe
316	Unicorn-10527.exe
2708	Unicorn-24423.exe
2708	Unicorn-24423.exe
2588	Unicorn-25868.exe
2376	Unicorn-56926.exe
2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe
2588	Unicorn-25868.exe
2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe
2376	Unicorn-56926.exe
2552	Unicorn-57907.exe
2552	Unicorn-57907.exe
2204	Unicorn-29681.exe
2204	Unicorn-29681.exe
2740	Unicorn-28402.exe
2740	Unicorn-28402.exe
316	Unicorn-10527.exe
316	Unicorn-10527.exe
2732	Unicorn-39908.exe
2732	Unicorn-39908.exe
2984	Unicorn-38958.exe
2984	Unicorn-38958.exe
2708	Unicorn-24423.exe
2708	Unicorn-24423.exe
2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe
2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe
776	Unicorn-19357.exe
776	Unicorn-19357.exe
2376	Unicorn-56926.exe
2376	Unicorn-56926.exe
2856	Unicorn-15595.exe
2856	Unicorn-15595.exe
1984	Unicorn-39223.exe
1984	Unicorn-39223.exe
1968	Unicorn-33092.exe
1968	Unicorn-33092.exe
592	Unicorn-25383.exe
592	Unicorn-25383.exe
2928	Unicorn-49547.exe
2928	Unicorn-49547.exe
2552	Unicorn-57907.exe
2552	Unicorn-57907.exe
2588	Unicorn-25868.exe
2588	Unicorn-25868.exe
2204	Unicorn-29681.exe
2204	Unicorn-29681.exe
2276	Unicorn-9368.exe
2276	Unicorn-9368.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3984	3036	WerFault.exe	113

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51764.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe
2588	Unicorn-25868.exe
2376	Unicorn-56926.exe
316	Unicorn-10527.exe
2552	Unicorn-57907.exe
2928	Unicorn-49547.exe
2204	Unicorn-29681.exe
2708	Unicorn-24423.exe
2732	Unicorn-39908.exe
2740	Unicorn-28402.exe
2856	Unicorn-15595.exe
1968	Unicorn-33092.exe
2984	Unicorn-38958.exe
776	Unicorn-19357.exe
1984	Unicorn-39223.exe
592	Unicorn-25383.exe
2276	Unicorn-9368.exe
1728	Unicorn-62527.exe
2156	Unicorn-37848.exe
1904	Unicorn-30064.exe
1636	Unicorn-10198.exe
848	Unicorn-47750.exe
1556	Unicorn-48512.exe
1044	Unicorn-34021.exe
236	Unicorn-65424.exe
1704	Unicorn-40728.exe
1460	Unicorn-16224.exe
1604	Unicorn-48896.exe
2580	Unicorn-20670.exe
1468	Unicorn-60551.exe
2200	Unicorn-46986.exe
1876	Unicorn-3758.exe
880	Unicorn-6457.exe
1656	Unicorn-13208.exe
2400	Unicorn-24138.exe
1660	Unicorn-40785.exe
1584	Unicorn-65362.exe
2220	Unicorn-13675.exe
1780	Unicorn-25757.exe
2916	Unicorn-8579.exe
2900	Unicorn-57853.exe
2876	Unicorn-17971.exe
2920	Unicorn-59773.exe
2848	Unicorn-59773.exe
1456	Unicorn-32537.exe
2724	Unicorn-18165.exe
1672	Unicorn-37713.exe
2260	Unicorn-54044.exe
480	Unicorn-21372.exe
1724	Unicorn-54236.exe
2104	Unicorn-34370.exe
1884	Unicorn-44444.exe
636	Unicorn-29377.exe
1960	Unicorn-53498.exe
1248	Unicorn-24578.exe
2012	Unicorn-40722.exe
2252	Unicorn-58559.exe
1688	Unicorn-58559.exe
2320	Unicorn-63582.exe
1784	Unicorn-38885.exe
1720	Unicorn-12932.exe
1708	Unicorn-61247.exe
1196	Unicorn-19063.exe
1892	Unicorn-47158.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 2588	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	31
PID 2584 wrote to memory of 2588	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	31
PID 2584 wrote to memory of 2588	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	31
PID 2584 wrote to memory of 2588	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	31
PID 2588 wrote to memory of 2376	2588	Unicorn-25868.exe	32
PID 2588 wrote to memory of 2376	2588	Unicorn-25868.exe	32
PID 2588 wrote to memory of 2376	2588	Unicorn-25868.exe	32
PID 2588 wrote to memory of 2376	2588	Unicorn-25868.exe	32
PID 2584 wrote to memory of 316	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	33
PID 2584 wrote to memory of 316	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	33
PID 2584 wrote to memory of 316	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	33
PID 2584 wrote to memory of 316	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	33
PID 2376 wrote to memory of 2552	2376	Unicorn-56926.exe	34
PID 2376 wrote to memory of 2552	2376	Unicorn-56926.exe	34
PID 2376 wrote to memory of 2552	2376	Unicorn-56926.exe	34
PID 2376 wrote to memory of 2552	2376	Unicorn-56926.exe	34
PID 316 wrote to memory of 2928	316	Unicorn-10527.exe	35
PID 316 wrote to memory of 2928	316	Unicorn-10527.exe	35
PID 316 wrote to memory of 2928	316	Unicorn-10527.exe	35
PID 316 wrote to memory of 2928	316	Unicorn-10527.exe	35
PID 2588 wrote to memory of 2204	2588	Unicorn-25868.exe	36
PID 2588 wrote to memory of 2204	2588	Unicorn-25868.exe	36
PID 2588 wrote to memory of 2204	2588	Unicorn-25868.exe	36
PID 2588 wrote to memory of 2204	2588	Unicorn-25868.exe	36
PID 2584 wrote to memory of 2708	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	37
PID 2584 wrote to memory of 2708	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	37
PID 2584 wrote to memory of 2708	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	37
PID 2584 wrote to memory of 2708	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	37
PID 2928 wrote to memory of 2856	2928	Unicorn-49547.exe	38
PID 2928 wrote to memory of 2856	2928	Unicorn-49547.exe	38
PID 2928 wrote to memory of 2856	2928	Unicorn-49547.exe	38
PID 2928 wrote to memory of 2856	2928	Unicorn-49547.exe	38
PID 316 wrote to memory of 2740	316	Unicorn-10527.exe	39
PID 316 wrote to memory of 2740	316	Unicorn-10527.exe	39
PID 316 wrote to memory of 2740	316	Unicorn-10527.exe	39
PID 316 wrote to memory of 2740	316	Unicorn-10527.exe	39
PID 2708 wrote to memory of 2732	2708	Unicorn-24423.exe	40
PID 2708 wrote to memory of 2732	2708	Unicorn-24423.exe	40
PID 2708 wrote to memory of 2732	2708	Unicorn-24423.exe	40
PID 2708 wrote to memory of 2732	2708	Unicorn-24423.exe	40
PID 2588 wrote to memory of 1968	2588	Unicorn-25868.exe	41
PID 2588 wrote to memory of 1968	2588	Unicorn-25868.exe	41
PID 2588 wrote to memory of 1968	2588	Unicorn-25868.exe	41
PID 2588 wrote to memory of 1968	2588	Unicorn-25868.exe	41
PID 2584 wrote to memory of 2984	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	43
PID 2584 wrote to memory of 2984	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	43
PID 2584 wrote to memory of 2984	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	43
PID 2584 wrote to memory of 2984	2584	27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe	43
PID 2376 wrote to memory of 776	2376	Unicorn-56926.exe	42
PID 2376 wrote to memory of 776	2376	Unicorn-56926.exe	42
PID 2376 wrote to memory of 776	2376	Unicorn-56926.exe	42
PID 2376 wrote to memory of 776	2376	Unicorn-56926.exe	42
PID 2552 wrote to memory of 1984	2552	Unicorn-57907.exe	44
PID 2552 wrote to memory of 1984	2552	Unicorn-57907.exe	44
PID 2552 wrote to memory of 1984	2552	Unicorn-57907.exe	44
PID 2552 wrote to memory of 1984	2552	Unicorn-57907.exe	44
PID 2204 wrote to memory of 592	2204	Unicorn-29681.exe	45
PID 2204 wrote to memory of 592	2204	Unicorn-29681.exe	45
PID 2204 wrote to memory of 592	2204	Unicorn-29681.exe	45
PID 2204 wrote to memory of 592	2204	Unicorn-29681.exe	45
PID 2740 wrote to memory of 2276	2740	Unicorn-28402.exe	46
PID 2740 wrote to memory of 2276	2740	Unicorn-28402.exe	46
PID 2740 wrote to memory of 2276	2740	Unicorn-28402.exe	46
PID 2740 wrote to memory of 2276	2740	Unicorn-28402.exe	46

C:\Users\Admin\AppData\Local\Temp\27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe
"C:\Users\Admin\AppData\Local\Temp\27253e6eeb9c3d73ce8a9e735f9c11ba895b052f7a4b9b2c484cf363f1e22e85.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39223.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16224.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12300.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
        8⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        8⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        7⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        7⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        7⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
        7⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43789.exe
        6⤵
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
        6⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40101.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6965.exe
        6⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        7⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
        7⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        7⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        6⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15224.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
        6⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        6⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        6⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        6⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        5⤵
        
        PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16424.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        5⤵
        
        PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        7⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31314.exe
        6⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7244.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57882.exe
        6⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34370.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        6⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        6⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        6⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
        5⤵
        
        PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
        5⤵
        
        PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32287.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25757.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
        6⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        6⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9524.exe
        5⤵
        
        PID:708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        5⤵
        
        PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        5⤵
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24018.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
        6⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        5⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        5⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        5⤵
        
        PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
      4⤵
      PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10614.exe
        5⤵
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        5⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
        5⤵
        
        PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
      4⤵
      PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62455.exe
      4⤵
      PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44847.exe
      4⤵
      PID:4432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        7⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        7⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        6⤵
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39921.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26035.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        6⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21144.exe
        6⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
        5⤵
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        5⤵
        
        PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11268.exe
        6⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe
        6⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        6⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53487.exe
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8105.exe
        5⤵
        
        PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        5⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
        5⤵
        
        PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9921.exe
      4⤵
      PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
      4⤵
      PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8751.exe
      4⤵
      PID:5352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49250.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
        7⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        6⤵
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63114.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        6⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
        5⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
        6⤵
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
        6⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
        5⤵
        
        PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51765.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37942.exe
        5⤵
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        5⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
      4⤵
      PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
      4⤵
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
      4⤵
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
      4⤵
      PID:2484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49873.exe
        5⤵
        
        PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
      4⤵
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
      4⤵
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
      4⤵
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
      4⤵
      PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
      4⤵
      PID:5028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
      4⤵
      PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
      4⤵
      PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
      4⤵
      PID:2408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
    3⤵
    PID:1268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
    3⤵
    PID:3904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11959.exe
    3⤵
    PID:3676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62455.exe
    3⤵
    PID:5096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44847.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        7⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49590.exe
        8⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7447.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        8⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64301.exe
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-175.exe
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        7⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        6⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
        6⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57882.exe
        6⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
        6⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        5⤵
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exe
        5⤵
        
        PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        6⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        6⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        6⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        5⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        5⤵
        
        PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53498.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        5⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7853.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37120.exe
      4⤵
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
      4⤵
      PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
      4⤵
      PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
      4⤵
      PID:4536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19063.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        7⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        6⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54449.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
        6⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        6⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe
        5⤵
        Executes dropped EXE
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3069.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        6⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
        6⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33088.exe
        5⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
        5⤵
        
        PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
        5⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        6⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        5⤵
        
        PID:5872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
      4⤵
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        5⤵
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
        5⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        5⤵
        
        PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62149.exe
      4⤵
      PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
      4⤵
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34635.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        5⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
      4⤵
      PID:3036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 220
        5⤵
        Program crash
        
        PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
      4⤵
      PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21584.exe
      4⤵
      PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
      4⤵
      PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
      4⤵
      PID:4476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40785.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28750.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
      4⤵
      PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
      4⤵
      PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23253.exe
      4⤵
      PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
      4⤵
      PID:2924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45613.exe
    3⤵
    PID:1860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
    3⤵
    PID:3300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
    3⤵
    PID:2108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
    3⤵
    PID:4912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
    3⤵
    PID:5844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65362.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
        6⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
        7⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        6⤵
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        6⤵
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe
        5⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59437.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        5⤵
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57882.exe
        5⤵
        
        PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47158.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
        6⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        5⤵
        
        PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe
      4⤵
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17631.exe
        5⤵
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
        5⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        5⤵
        
        PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57438.exe
      4⤵
      PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
      4⤵
      PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
      4⤵
      PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
      4⤵
      PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32287.exe
      4⤵
      PID:5336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54236.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        5⤵
        
        PID:444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        5⤵
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
        5⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
      4⤵
      PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe
      4⤵
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
      4⤵
      PID:4440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29377.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
      4⤵
      PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
      4⤵
      PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
      4⤵
      PID:5160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
    3⤵
    PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16424.exe
    3⤵
    PID:3844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
    3⤵
    PID:4104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
    3⤵
    PID:4512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        5⤵
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        5⤵
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        5⤵
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
      4⤵
      PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
      4⤵
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
      4⤵
      PID:5936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
      4⤵
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        5⤵
        
        PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
      4⤵
      PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
      4⤵
      PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59153.exe
      4⤵
      PID:5328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
    3⤵
    PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
    3⤵
    PID:2592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
    3⤵
    PID:4064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
    3⤵
    PID:5116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
    3⤵
    PID:4728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
      4⤵
      PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
      4⤵
      PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
      4⤵
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44261.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31314.exe
    3⤵
    PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
    3⤵
    PID:3876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe
    3⤵
    PID:3788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4950.exe
    3⤵
    PID:5212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17971.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17971.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1102.exe
    3⤵
    PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
    3⤵
    PID:3760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
    3⤵
    PID:4524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
    3⤵
    PID:4188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
  2⤵
  PID:284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41190.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41190.exe
  2⤵
  PID:3896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
  2⤵
  PID:3752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
  2⤵
  PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe

Filesize
468KB

MD5
89c2987161b37759f07b25c47361dcb3

SHA1
e2277f81ff3dd8254e313d35f36e1fe0f7716202

SHA256
f56074ffab5ef533211b05469449c4dcd80c96d80ee5e29ae8e00eeb9cd3b1bc

SHA512
7e38b18c0b1455146b13729cbbf1298075fdba13f52db14986d8750c92adb9d6171b7cbbf41ec04282472d9af49ef32031d6e2be695ac6ee701316db02765f7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe

Filesize
468KB

MD5
badc2173fc7ed9500505df69c32c2d95

SHA1
6247fcb0f6f7df9329cb474b98ec171340ba890d

SHA256
2031b31f73e2a1317bd19853a4893df88b27189de4eac65b34639ab7e5458cd8

SHA512
4c5a56bd0861dd167ff6a7f8431956641fa9052a6c9674abdb94f7d9ff9a6816754ce448f82053de7e189679ad9be999da9327b7a1d3030e4080be9191c8bd81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe

Filesize
468KB

MD5
4f527485fafe86f6cf8cc94beaeaf3f3

SHA1
953264f4b01c805343d7e9fa6d222b6889b05d1d

SHA256
25f1e7bf75b269dc4f9339aa77d2473e6211c316336665e3ae68af4860223834

SHA512
1e8a7ca47ce3e74449b0dd16d184fe6754d2cdee3ce7e710a2f15fd0da9586992f81a679a71aea2d4fca5d555c48de046e8f858ca24fa189877bed424eb674a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe

Filesize
468KB

MD5
cf9504a80cd5a2d6b2ed9b2cbd6a0d4f

SHA1
2a01caa232175b65773fbc0990b2a4cfcac3f240

SHA256
fac4c6431816f813650585c08aa8ab8ec94837f52b75a0166a25b4a09098def9

SHA512
07731e8c3aaf1b24f52116b91f92fb820ee05d1be59fd05612f87c2a5b774a770f843d7d45b76b59b435a7de9bc2f486151dfb5bdf0f2b51500be3b2a07dfd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe

Filesize
468KB

MD5
6814f4e99d977221c6a2f9e5751fad30

SHA1
d81a22abac48ab395e7c7de5e6ff45168e2e6619

SHA256
bdc8335fe4230fc79c34b0027ef53b005639883f9ada09cadb1d1cbfd0184671

SHA512
af83cb90d3c84ef13438bc0e50ddf5d4ec525ff89a838c4d5534b625d16f69dc0cd607be2b5201e2b03d7ec9f1d38b71fcd12af3e42c179e7ad20f3e9d881e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe

Filesize
468KB

MD5
924e78c89396f35713ea0dd91893d376

SHA1
732cf63bf44174523227cd3b222e1d03ceaeaa67

SHA256
7ca437e15a148d42d8278cea962231410fe6f79f060036660ffdd31069571a60

SHA512
97741ec977b2d4297062f7fdad623ed1d0fdb6e3d6749c623bf939e66e098e7e0bb06e9d23bc8d6972ce19791e6e04a317da4232fbdc7434af8543427af33a62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe

Filesize
468KB

MD5
ed52b764bac67b74771e4b639acb83e1

SHA1
02d12fa62c45b49a98c842dd71f9fe129859e4bf

SHA256
4f9d92362466cec4dff97295b7a1bcb15445528d295c9d0ef1e154f4d621651f

SHA512
d21ec39a906667a99b88a1a91cf08311ac5403eda8ca6a80156f04729b11c533479dac4fa6a299b51f6b41b8f74c98ab2bfe157b84a5dc88fd62f63660f1456b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6965.exe

Filesize
468KB

MD5
a4ad16751fe9ddf37b9f07be0a0fa04d

SHA1
cb3bd1f77621902a49e708618417c0138a86cf21

SHA256
e4c23e961792cb77b09d2ff00aeccd1708a547bc9c61e0d8d6d96f38ba442421

SHA512
e0bce5205dbe5d56995a9e521c637e59bbf1de63d864770c563d55bb35f06a2b8ac41946110f9e90558b70810e5914b63e947ab1d7f3114db54e8b1d722cc30c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe

Filesize
468KB

MD5
d08a694a45a196e16f9bfb1173b9630d

SHA1
497373e3f7bc738432bef4ed4001e6c949abc852

SHA256
2c8838bb9b276fa71e1db86deddbdb6810b0a9f976b6170d754027f60cbc4710

SHA512
560ad956b20404f05ea10121a828803117629fd334f9daedf190b2fdd955c258bfe800e912008f2db4e19427b52aa7dd764cb8959e97aa2609cd3b14eae29729

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe

Filesize
468KB

MD5
6eea2e587ea58b4a43e850ba4965af2c

SHA1
6838413a608ef07a67f0b766362214f01f32f88b

SHA256
60817f2f3fe050c70877f5f6bea809b8c9521ef3dfa2cbe4ac2e170cc0e9b25d

SHA512
49a4dc869d2454637bb1323ed8aab4d902d6b55811a7146b002209dd51a6cb137371e57e10ff0ab79d4dcabef35d89a1b60c74f5914cc445d5f4b36706a5c730

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe

Filesize
468KB

MD5
58fd7c212d2b23589e08ccde78ec9093

SHA1
6f9470a486fe4caf8b0f8e9134f1e3632bd5e5bf

SHA256
9afae91e0ad6ee66dddc652b9758443cbc9eaf7522402a03857a25ccdd61e379

SHA512
29d26c803ddd676b9f54fec96eb93207e80390f491a13b21d686dcdd549543ff5de9ce6ec1b79e9c354e9e8e8913e4801d8f8b2438f35f03bf78ce55418cc6e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe

Filesize
468KB

MD5
d935ab2215e9d9343166e7deb4ea717a

SHA1
e4a294addb8eb8489de52cde24ce839d3e1b2522

SHA256
4809a734e4b95dac3fd499f69db2d8d819c0b4643c86c3c8090d52b1ed508c28

SHA512
fe1191a1cda00059382bece8d32bd82066103b54e469d733e8023d88d1885bde17c775fae047b825d8ee1ad91853662c4061c2eb92a8506be25a2417fea6f2ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe

Filesize
468KB

MD5
6e9d62c3e401178f72e7b34de6ad3857

SHA1
bf96b248b21170b6e9acbee9ad1656b03373b729

SHA256
c9a9a75a325bfb305d610ec8fd77693fd43c165ff521c42cc4b118e3ceaaad20

SHA512
55e99d52c36562c3e3f9e2aa2fb174f52f70817b4d41894e700cbb009309dabbd2dcdeb146fa53d46c3b39e5466dc8ab2385a89391e930db68d4c84a5757855b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe

Filesize
468KB

MD5
1660fa5a8776c66ead4cbd3e36c39a1a

SHA1
39a06e899ad729d8469f276bdef4c6fad262f2c8

SHA256
0dd9155b553ea6137288ce0f28a3d0255b8f2e17421a69da6889d90ffcc69241

SHA512
bbcf9328a10932a899869b820c1ad80d78d15c61df8d527f17bc41e2d0e77afa0c44c22662391e7e39b81b34be278908ccf5e101d1d77d71a799399748a66263

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe

Filesize
468KB

MD5
2ec7037a9a8525b3a39eaa873be4dd7d

SHA1
d74ed84c61e246bbb6f82e9cd964bda8eded75af

SHA256
4bfe8fb718b60732d1a5a1efbce60c63b3ea2215afc38980df0b96c07a68f6c0

SHA512
ce924bf70f4a1db82b11f8deb566d72d61e300e726f3f974a15a0c12fbd5af22f714527e45ce07859cfc13a82c5180d27e09ac62307a02f63e54616ac9405510

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe

Filesize
468KB

MD5
dc34a61332333007fbd643c03d3816a1

SHA1
9bcf1e40391de95c23e85b5ecf226c6712411e38

SHA256
61fb4a15d3476d750052c8dd735c01bee0fce14c20a546e008be4b345214dc68

SHA512
2a07196f8bb3f4e12102735e91fb27a832eaec460bb13ccd901dacb0bf6178dbcf8d7685ef063e70fd73e297a67f465817519582479701395d7b5edbd8441dc9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39223.exe

Filesize
468KB

MD5
11388df3154308b128daa0e2e507c91a

SHA1
35e8c012a44411963871ee70f6ec8f601a8611a1

SHA256
7f9004c1d976f8b468127d0ffece473396f6a584450f0eb42f3b23126cd9b3e9

SHA512
3945433b45fcf9c5e13af993336d3c7c8ec60bfbec6620938417ff6e07d5f7b10fe3d895b2372a36603b5cec1bb85053cf9b0169639c38017b8890fa9826294e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe

Filesize
468KB

MD5
605a3c9331a8374a4a54aff7a7f61d16

SHA1
d6e4d6b95373c18030bda7b22ffb26a22f9c5a06

SHA256
5dcf1abe7ae79b8e568ad1042256a36c6f437577e205509fd5c024dda6377249

SHA512
5e78dde184fef6522fb8419ca44fba4880fc117d7f909bf819e86def7e8b0d18717b68dd0eabcc06cb882e7c1e386921c05582c80534b8fca840d154118c4037

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe

Filesize
468KB

MD5
2c41ef0c5fc72c6dd484d71d058b41d0

SHA1
4ebccef1e98663a2ffcbcb95591ab3a13539af49

SHA256
9568e1450d32fdd506a70dca7225069c00cea38f331ee24b4ded703a25958b18

SHA512
9bae8b85b66b849f4457a5f4e9914fcf66f5c7c45245cabba3882061bdf361da9d5c32f0b603192af981bc55cb31a7ab0b7f209898ca4ee7721d237eae79626f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe

Filesize
468KB

MD5
aca432002acc28b3c592febf1917e8c2

SHA1
36d2961b2423ba822ce91702cd87ff516021899c

SHA256
6e1c3c10cfda5892607604202bd9ae50ccb54af451441f5283f4e7022d80a83f

SHA512
22b66a3bf7f8a6f456898c8a980486e630d9b7a8603a3c94eee84db5488aae11895224f7917f2c14f8c9bf1cdb0fb4877167ef88441f91f140d410a4fa10ded4

Download Submit