84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 05:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe
Size

468KB
MD5

fe1ff788ff56768f2ddf44cc2c2a0d12
SHA1

4a2db051ba9231712228de467c29e6543f4cda49
SHA256

84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05
SHA512

216f896ba849fd1c24c9c4073e8ce5664d64b1c1116ca4ef3423c10cdf00d9a5968cc3b3423cd4d776cc54bc37fafef044e63262ee4a17ada57cee2a3e425a8c
SSDEEP

3072:1G8DoEXOt05RFbYUX5mgvf8buCxKI0pGnLHewVSs9US+Tr6i+jl1v:1G8op8RF7XIgvfeYnA9UJv6i+f

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1896	Unicorn-44304.exe
1312	Unicorn-5767.exe
2388	Unicorn-8720.exe
2828	Unicorn-17927.exe
2168	Unicorn-521.exe
2716	Unicorn-46878.exe
2960	Unicorn-60613.exe
2560	Unicorn-13370.exe
2752	Unicorn-54211.exe
1784	Unicorn-48465.exe
2444	Unicorn-54330.exe
1696	Unicorn-14631.exe
496	Unicorn-34729.exe
2992	Unicorn-37910.exe
1664	Unicorn-54595.exe
3044	Unicorn-24585.exe
1812	Unicorn-2615.exe
2056	Unicorn-5952.exe
2328	Unicorn-5952.exe
700	Unicorn-61676.exe
3024	Unicorn-37099.exe
1808	Unicorn-31233.exe
1372	Unicorn-61298.exe
1616	Unicorn-20836.exe
2216	Unicorn-50171.exe
1952	Unicorn-39284.exe
1992	Unicorn-35946.exe
780	Unicorn-14587.exe
2332	Unicorn-32961.exe
1200	Unicorn-39092.exe
1448	Unicorn-3466.exe
896	Unicorn-20544.exe
2624	Unicorn-38298.exe
2476	Unicorn-64146.exe
1716	Unicorn-31282.exe
1736	Unicorn-31282.exe
2352	Unicorn-11416.exe
2616	Unicorn-61001.exe
2416	Unicorn-50040.exe
2200	Unicorn-39834.exe
2864	Unicorn-363.exe
2792	Unicorn-3316.exe
2704	Unicorn-18499.exe
2844	Unicorn-52133.exe
2700	Unicorn-32843.exe
2532	Unicorn-61069.exe
2192	Unicorn-61069.exe
316	Unicorn-56859.exe
2936	Unicorn-56859.exe
1104	Unicorn-38101.exe
1252	Unicorn-54437.exe
1052	Unicorn-34955.exe
2956	Unicorn-25910.exe
3036	Unicorn-53944.exe
1248	Unicorn-33118.exe
888	Unicorn-36264.exe
3008	Unicorn-52792.exe
2136	Unicorn-55214.exe
2104	Unicorn-52414.exe
2288	Unicorn-13798.exe
1100	Unicorn-22232.exe
2000	Unicorn-38952.exe
304	Unicorn-38687.exe
868	Unicorn-38075.exe

Loads dropped DLL 64 IoCs

pid	Process
2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe
2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe
1896	Unicorn-44304.exe
2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe
2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe
1896	Unicorn-44304.exe
2388	Unicorn-8720.exe
1312	Unicorn-5767.exe
1312	Unicorn-5767.exe
2388	Unicorn-8720.exe
1896	Unicorn-44304.exe
1896	Unicorn-44304.exe
2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe
2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe
2716	Unicorn-46878.exe
2828	Unicorn-17927.exe
2828	Unicorn-17927.exe
2716	Unicorn-46878.exe
2388	Unicorn-8720.exe
1896	Unicorn-44304.exe
2960	Unicorn-60613.exe
2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe
2168	Unicorn-521.exe
2388	Unicorn-8720.exe
1896	Unicorn-44304.exe
2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe
2168	Unicorn-521.exe
1312	Unicorn-5767.exe
1312	Unicorn-5767.exe
2960	Unicorn-60613.exe
2752	Unicorn-54211.exe
2752	Unicorn-54211.exe
2716	Unicorn-46878.exe
2716	Unicorn-46878.exe
2992	Unicorn-37910.exe
1784	Unicorn-48465.exe
2992	Unicorn-37910.exe
1784	Unicorn-48465.exe
2444	Unicorn-54330.exe
2444	Unicorn-54330.exe
1896	Unicorn-44304.exe
1896	Unicorn-44304.exe
1312	Unicorn-5767.exe
1312	Unicorn-5767.exe
2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe
2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe
2560	Unicorn-13370.exe
2560	Unicorn-13370.exe
2828	Unicorn-17927.exe
2828	Unicorn-17927.exe
1696	Unicorn-14631.exe
1696	Unicorn-14631.exe
2168	Unicorn-521.exe
2168	Unicorn-521.exe
496	Unicorn-34729.exe
496	Unicorn-34729.exe
2388	Unicorn-8720.exe
1664	Unicorn-54595.exe
2388	Unicorn-8720.exe
1664	Unicorn-54595.exe
2960	Unicorn-60613.exe
2960	Unicorn-60613.exe
2752	Unicorn-54211.exe
3044	Unicorn-24585.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4916	3676	WerFault.exe	273
4108	4144	WerFault.exe	367

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15943.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44920.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe
1896	Unicorn-44304.exe
2388	Unicorn-8720.exe
1312	Unicorn-5767.exe
2828	Unicorn-17927.exe
2716	Unicorn-46878.exe
2960	Unicorn-60613.exe
2168	Unicorn-521.exe
2752	Unicorn-54211.exe
2560	Unicorn-13370.exe
2444	Unicorn-54330.exe
1784	Unicorn-48465.exe
1696	Unicorn-14631.exe
496	Unicorn-34729.exe
2992	Unicorn-37910.exe
1664	Unicorn-54595.exe
3044	Unicorn-24585.exe
1812	Unicorn-2615.exe
2328	Unicorn-5952.exe
2056	Unicorn-5952.exe
700	Unicorn-61676.exe
1808	Unicorn-31233.exe
3024	Unicorn-37099.exe
1616	Unicorn-20836.exe
1372	Unicorn-61298.exe
2216	Unicorn-50171.exe
1952	Unicorn-39284.exe
780	Unicorn-14587.exe
1992	Unicorn-35946.exe
1200	Unicorn-39092.exe
2332	Unicorn-32961.exe
1448	Unicorn-3466.exe
2624	Unicorn-38298.exe
896	Unicorn-20544.exe
1716	Unicorn-31282.exe
2352	Unicorn-11416.exe
1736	Unicorn-31282.exe
2616	Unicorn-61001.exe
2416	Unicorn-50040.exe
2200	Unicorn-39834.exe
2864	Unicorn-363.exe
2792	Unicorn-3316.exe
2704	Unicorn-18499.exe
2700	Unicorn-32843.exe
2844	Unicorn-52133.exe
2192	Unicorn-61069.exe
2532	Unicorn-61069.exe
316	Unicorn-56859.exe
2936	Unicorn-56859.exe
1104	Unicorn-38101.exe
1252	Unicorn-54437.exe
1052	Unicorn-34955.exe
2956	Unicorn-25910.exe
1248	Unicorn-33118.exe
3036	Unicorn-53944.exe
888	Unicorn-36264.exe
3008	Unicorn-52792.exe
2136	Unicorn-55214.exe
2104	Unicorn-52414.exe
1100	Unicorn-22232.exe
2288	Unicorn-13798.exe
2000	Unicorn-38952.exe
304	Unicorn-38687.exe
868	Unicorn-38075.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 1896	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	30
PID 2412 wrote to memory of 1896	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	30
PID 2412 wrote to memory of 1896	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	30
PID 2412 wrote to memory of 1896	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	30
PID 2412 wrote to memory of 1312	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	32
PID 2412 wrote to memory of 1312	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	32
PID 2412 wrote to memory of 1312	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	32
PID 2412 wrote to memory of 1312	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	32
PID 1896 wrote to memory of 2388	1896	Unicorn-44304.exe	31
PID 1896 wrote to memory of 2388	1896	Unicorn-44304.exe	31
PID 1896 wrote to memory of 2388	1896	Unicorn-44304.exe	31
PID 1896 wrote to memory of 2388	1896	Unicorn-44304.exe	31
PID 1312 wrote to memory of 2168	1312	Unicorn-5767.exe	35
PID 1312 wrote to memory of 2168	1312	Unicorn-5767.exe	35
PID 1312 wrote to memory of 2168	1312	Unicorn-5767.exe	35
PID 1312 wrote to memory of 2168	1312	Unicorn-5767.exe	35
PID 2388 wrote to memory of 2828	2388	Unicorn-8720.exe	34
PID 2388 wrote to memory of 2828	2388	Unicorn-8720.exe	34
PID 2388 wrote to memory of 2828	2388	Unicorn-8720.exe	34
PID 2388 wrote to memory of 2828	2388	Unicorn-8720.exe	34
PID 1896 wrote to memory of 2716	1896	Unicorn-44304.exe	36
PID 1896 wrote to memory of 2716	1896	Unicorn-44304.exe	36
PID 1896 wrote to memory of 2716	1896	Unicorn-44304.exe	36
PID 1896 wrote to memory of 2716	1896	Unicorn-44304.exe	36
PID 2412 wrote to memory of 2960	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	37
PID 2412 wrote to memory of 2960	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	37
PID 2412 wrote to memory of 2960	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	37
PID 2412 wrote to memory of 2960	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	37
PID 2828 wrote to memory of 2560	2828	Unicorn-17927.exe	39
PID 2828 wrote to memory of 2560	2828	Unicorn-17927.exe	39
PID 2828 wrote to memory of 2560	2828	Unicorn-17927.exe	39
PID 2828 wrote to memory of 2560	2828	Unicorn-17927.exe	39
PID 2716 wrote to memory of 2752	2716	Unicorn-46878.exe	38
PID 2716 wrote to memory of 2752	2716	Unicorn-46878.exe	38
PID 2716 wrote to memory of 2752	2716	Unicorn-46878.exe	38
PID 2716 wrote to memory of 2752	2716	Unicorn-46878.exe	38
PID 2388 wrote to memory of 496	2388	Unicorn-8720.exe	40
PID 2388 wrote to memory of 496	2388	Unicorn-8720.exe	40
PID 2388 wrote to memory of 496	2388	Unicorn-8720.exe	40
PID 2388 wrote to memory of 496	2388	Unicorn-8720.exe	40
PID 1896 wrote to memory of 1784	1896	Unicorn-44304.exe	41
PID 1896 wrote to memory of 1784	1896	Unicorn-44304.exe	41
PID 1896 wrote to memory of 1784	1896	Unicorn-44304.exe	41
PID 1896 wrote to memory of 1784	1896	Unicorn-44304.exe	41
PID 2412 wrote to memory of 2444	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	43
PID 2412 wrote to memory of 2444	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	43
PID 2412 wrote to memory of 2444	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	43
PID 2412 wrote to memory of 2444	2412	84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe	43
PID 2168 wrote to memory of 1696	2168	Unicorn-521.exe	44
PID 2168 wrote to memory of 1696	2168	Unicorn-521.exe	44
PID 2168 wrote to memory of 1696	2168	Unicorn-521.exe	44
PID 2168 wrote to memory of 1696	2168	Unicorn-521.exe	44
PID 1312 wrote to memory of 2992	1312	Unicorn-5767.exe	45
PID 1312 wrote to memory of 2992	1312	Unicorn-5767.exe	45
PID 1312 wrote to memory of 2992	1312	Unicorn-5767.exe	45
PID 1312 wrote to memory of 2992	1312	Unicorn-5767.exe	45
PID 2960 wrote to memory of 1664	2960	Unicorn-60613.exe	42
PID 2960 wrote to memory of 1664	2960	Unicorn-60613.exe	42
PID 2960 wrote to memory of 1664	2960	Unicorn-60613.exe	42
PID 2960 wrote to memory of 1664	2960	Unicorn-60613.exe	42
PID 2752 wrote to memory of 3044	2752	Unicorn-54211.exe	46
PID 2752 wrote to memory of 3044	2752	Unicorn-54211.exe	46
PID 2752 wrote to memory of 3044	2752	Unicorn-54211.exe	46
PID 2752 wrote to memory of 3044	2752	Unicorn-54211.exe	46

C:\Users\Admin\AppData\Local\Temp\84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe
"C:\Users\Admin\AppData\Local\Temp\84829a3d161b782fe9007c3dcda1edc097a3c9b3a35d7d8e2d50803c64b1ce05.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8720.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17927.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
        8⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        8⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        7⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 188
        8⤵
        Program crash
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21580.exe
        7⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        6⤵
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
        6⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        7⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        6⤵
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        6⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        6⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20607.exe
        6⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5490.exe
        5⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
        5⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
        5⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
        5⤵
        
        PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29077.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40584.exe
        7⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44388.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        7⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
        6⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34917.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
        6⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe
        6⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        6⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34917.exe
        6⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
        6⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37311.exe
        5⤵
        
        PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        5⤵
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25116.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exe
        5⤵
        
        PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60286.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30528.exe
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        5⤵
        
        PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        5⤵
        
        PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        5⤵
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        5⤵
        
        PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
      4⤵
      PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
      4⤵
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26939.exe
      4⤵
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17905.exe
      4⤵
      PID:5044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38298.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        8⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9107.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
        7⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9853.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        7⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        7⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30528.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
        6⤵
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33782.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        6⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38075.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        6⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55681.exe
        5⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        6⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        6⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        6⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44797.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25244.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35448.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
        5⤵
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2615.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53726.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        7⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        6⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        6⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
        6⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
        6⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
        5⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        6⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24324.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        6⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        5⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34052.exe
        6⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        5⤵
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41421.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52672.exe
        5⤵
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50040.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
        5⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55268.exe
        6⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        6⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe
        5⤵
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56356.exe
        5⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
        5⤵
        
        PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
      4⤵
      PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
      4⤵
      PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
      4⤵
      PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
      4⤵
      PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
      4⤵
      PID:6052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5952.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        5⤵
        Executes dropped EXE
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
        6⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        6⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59139.exe
        6⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42975.exe
        6⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
        5⤵
        
        PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
        5⤵
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        5⤵
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14530.exe
        5⤵
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
        6⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11926.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
        6⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        5⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        5⤵
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41841.exe
      4⤵
      PID:812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        5⤵
        
        PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
        5⤵
        
        PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
      4⤵
      PID:576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
      4⤵
      PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
      4⤵
      PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
      4⤵
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60296.exe
        5⤵
        
        PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        5⤵
        
        PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
      4⤵
      PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60872.exe
      4⤵
      PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
      4⤵
      PID:5284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52414.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
      4⤵
      PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
      4⤵
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
      4⤵
      PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
      4⤵
      PID:5548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
    3⤵
    PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18002.exe
    3⤵
    PID:4028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
    3⤵
    PID:3416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58524.exe
    3⤵
    PID:4540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
    3⤵
    PID:5476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        6⤵
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        6⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48859.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        6⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35630.exe
        5⤵
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe
        5⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        6⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
        6⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        6⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        5⤵
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62329.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50.exe
        5⤵
        
        PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
        5⤵
        
        PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
      4⤵
      PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29043.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
      4⤵
      PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
      4⤵
      PID:5452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5952.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        7⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        7⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
        7⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        7⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        6⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        6⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
        6⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        6⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11926.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
        5⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        5⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        5⤵
        
        PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61001.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21931.exe
        5⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64136.exe
        6⤵
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        6⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        6⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37825.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        5⤵
        
        PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
      4⤵
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
        5⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
      4⤵
      PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
      4⤵
      PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
      4⤵
      PID:5268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31233.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41760.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        5⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
        5⤵
        
        PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
      4⤵
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
      4⤵
      PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
      4⤵
      PID:5176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38687.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
      4⤵
      PID:5380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49685.exe
    3⤵
    PID:1528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
    3⤵
    PID:3888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
    3⤵
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
    3⤵
    PID:4320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
    3⤵
    PID:5436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60613.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60613.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe
        6⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59508.exe
        7⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        6⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        5⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34917.exe
        5⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
        5⤵
        
        PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60872.exe
        5⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        6⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        6⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
        6⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30905.exe
        5⤵
        
        PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
      4⤵
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41780.exe
      4⤵
      PID:3676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 188
        5⤵
        Program crash
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        5⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        5⤵
        
        PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
      4⤵
      PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4000.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe
      4⤵
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
      4⤵
      PID:5348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
      4⤵
      PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
      4⤵
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15623.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
      4⤵
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30528.exe
      4⤵
      PID:5256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
    3⤵
    PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
    3⤵
    PID:1280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
    3⤵
    PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1360.exe
    3⤵
    PID:5188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54330.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54330.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59284.exe
        5⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        5⤵
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
        5⤵
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
      4⤵
      PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
      4⤵
      PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
      4⤵
      PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
      4⤵
      PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
      4⤵
      PID:5900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
      4⤵
      PID:356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        5⤵
        
        PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
        5⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32722.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
        5⤵
        
        PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
      4⤵
      PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
      4⤵
      PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17903.exe
      4⤵
      PID:6044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
    3⤵
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
      4⤵
      PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
      4⤵
      PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
    3⤵
    PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
    3⤵
    PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe
    3⤵
    PID:4836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60775.exe
    3⤵
    PID:6004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
      4⤵
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        5⤵
        
        PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
      4⤵
      PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
      4⤵
      PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
      4⤵
      PID:5924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31053.exe
    3⤵
    PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
    3⤵
    PID:3284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
    3⤵
    PID:3616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
    3⤵
    PID:4948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52672.exe
    3⤵
    PID:6036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18499.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18499.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
    3⤵
    PID:2340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
    3⤵
    PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3988.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3988.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
    3⤵
    PID:4640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
    3⤵
    PID:4404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
    3⤵
    PID:5980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
  2⤵
  PID:2220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9504.exe
    3⤵
    PID:4820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
  2⤵
  PID:1720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
  2⤵
  PID:3520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39364.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39364.exe
  2⤵
  PID:4680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
  2⤵
  PID:4880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe

Filesize
468KB

MD5
a1fddd0a58c93d7aaece0d0bf309e3fe

SHA1
ff037011fea18cb0bcd19cef8819e9eb61071dbf

SHA256
54c755511b435c4a14f20ae152e2ddbf81e6b57a11e5cb15b52b09ec9cbcda12

SHA512
985339a83096b8455258c7bc9d16ec3700fdde6670dd24464a9fe10cd5ad213f62443349aca1009fdc74e046fceb42abd18b42884bfd0e36001891b420d9ec38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe

Filesize
468KB

MD5
33cdcfa2386c13ffc28cf19a4c0fd9a0

SHA1
ca5fc9831d7b47dbe604e15ee82f1e8e5ea4b7ed

SHA256
01bf3e8d87650c587b707aaf8efbdee4485799730e62b4a37c71bc84a77b3bb0

SHA512
ef0521ffb50bdbd46d1c236f06e6d3f3742d73612ceeec4af9bd3e292c250f4de35f7a6068a252d527654cdde6d3269c8686f9cb78ad4abeb9307fa44259035f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe

Filesize
468KB

MD5
5b4eb8ddb5d0b72b9bcbe4f5bd59596d

SHA1
a2ffe2645db261b2d920e0eb37a41bbbf7c9d101

SHA256
e082c0ae055dbde972c3568f63626ec8c32534f8d18642281f9a6768ab6adb77

SHA512
61fd3282306aaa8c4bbede8abdd9646abba1000930214a76e4583d209a50e3c022bd2a50e45618314e44a1078e4c597a28c8c340fe3f72ffb162ddfbb3d13781

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60613.exe

Filesize
468KB

MD5
f26a43bd4b15a1d3f8ae44c1b48b9c40

SHA1
b4848a7b93d54b24acb262e33239c0391b040cae

SHA256
6d3d3e9890b32697e9394c518f7d806c48e58fa915bcf37b0e9c9d0e121f215a

SHA512
04893e0f4341c805e6d7a5a6358487e9f6e37ff8a4136cccbe384d4e364875d056c0db4113b0b53d53bd64919fc561131dd725fb397b996127c9f55772bb7adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe

Filesize
468KB

MD5
592acaa9f3af828037bb937d22ab1290

SHA1
b6d2242ebc6818efd4457e1779386c5164a97233

SHA256
10e8dd4082ce83fa0412c11724b4a9355f1c093d57003966c94521097459a7da

SHA512
fae5dd988ab43d9b0366c38b839b13d1a44157c980fe34cf5d2b1680cae1f940cb6c4f251ffc3ca13244087b5ce3f9a375f8a6b803af2a01c041af3471cc7d95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17927.exe

Filesize
468KB

MD5
157f5cc544792f64472817ab62667c50

SHA1
9ccd85a3235d09c159a50c512abf1c675ce8f95e

SHA256
50240750cc157f62ee05f55db479eb690cf8d16764ea4444d8cd5baa3f91652a

SHA512
a5226cb07f6cef23d87a5aae83699a5e3f507bf142409b1cb50f5e8ddc08fb14bc4d9d7c85c90d2665eb066f7bbb8b1e6d5048262a92ca5a5802f5000967f459

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe

Filesize
468KB

MD5
20c48c4ca278d531e4a6e4b3c0f216be

SHA1
bd79de6482717a51ce476d483c30cac58ef61e85

SHA256
711eb25a9d414be4d636b2af6ccde6350803edb0faeb883329d0d80841955840

SHA512
4414f6ed62f44aa83f31b81cad6029ed6e4c9e7cb17864af22aba88725f7625b9f19e24cac160e5c8beabaa5fa876ca3d1ded63f1653daa2e59701e0cffc2ad9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2615.exe

Filesize
468KB

MD5
b3e7dca229ec78a38063e75824ffacff

SHA1
61477ba5c5ffb248b0bc6edbf285563785d652f8

SHA256
7405a7fd1dde82eba2ada953e2f9b3cd4e788039367798703daa0cb398d93bec

SHA512
987517e47a31953c10045bc9070d4d035b18e8d0b2bdd1bf47541c8cc4c723b458479370e24f2b16492c39aea06c905d3be65db369552dae84ca09f211d6b4bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe

Filesize
468KB

MD5
edb6f97fdcece9ce249bd368a12962dc

SHA1
1543a18319c091f51f19c9a152a37a083648c159

SHA256
3b3f135a41291bb9cc59c6cb00146594eacc52ecd790ef625a01cddf1cbe0066

SHA512
347c3828ab816a6bd25dc5c93e1c050351b3788ac8b89627bd4d36712fce09db8b91056c680122947126f182e31eddc13cdf36bddf750fa1c048259443afe824

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe

Filesize
468KB

MD5
217c598abcd131dbecbede1cd9c51853

SHA1
a7dd2ec81bd87d4f18b30c42fd6b507bb8dc6a99

SHA256
65bea14821c748037d3b2c030fa7308c75ccfd71fa74ee0ad27046a25af56eeb

SHA512
54e05d3b9758f12fa50abcde16c21adec7447207d72f9159da7120fa700fe40102a3d959730aac031c3aa00fdbdbf13c697d1ef05f02d45d998d511e24b68d0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe

Filesize
468KB

MD5
960d87d6873ae3628f654b114b4a2031

SHA1
eda93b452675b34e39a46f71d00916915897b34a

SHA256
03b13aeaf87005735ac55fe1a8cb38548c303d1d97adc3c1b25fe47f882abcfe

SHA512
574642553a145290a716abb61e4b22afce02002eb0447bb709faa8c0d89689936d3d0c6aebdd101efc9b25e189bf417d12d4e136c94c46fd27b1a461d702c329

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe

Filesize
468KB

MD5
ed6ce1fe1ce28d4075a104f670cba4a1

SHA1
b8a19266213560acfbfcbb66379485d670d8cc93

SHA256
f2394e1745e248a7f3df38112efa503f2f287adb144bdb476240328301df0b49

SHA512
ffa817b671ee28b00550086d8e88e4f1e09f634ac6a797ada38c895f3c0a657872037db334b8b08d7bba2392d47f0a45ce72bcb741c61836f973c574e116d75f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-521.exe

Filesize
468KB

MD5
e3e30115939e3974549401200a9acfac

SHA1
ebaa562d692e4a359bbfd62e24867899794626c6

SHA256
d5cfe923cc7dc6c97b6611dbad64d9184733adffb26efa41e09c1d7a3697f680

SHA512
ef075985ed3ac648690eb9a2704e5a250dea65f8b19ed67e30f83a4962820a914f5bea9e05a1c97be10b3edf152553b70bcaa72edc16eab328c17e2ca429ebeb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe

Filesize
468KB

MD5
758b0235202af902df7c6c057b2e3b2f

SHA1
939024d30994b0ea3e0b49d1255ff114b26a1d17

SHA256
0d182bcb05c2efbf8cdb488fb2322a3d3305648600a9d83c76d5e44d1532bc87

SHA512
fe258a6f45ac1516603c99a290f80d8ce58a2080c36723855def1abd547455a8f66172c21dcdf0f1ea9ebcc11fd3118fd0e6d5830a15d94d020a7137c4c660b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54330.exe

Filesize
468KB

MD5
421036205f0380ef739233d08037d7e1

SHA1
43cbbc64768030e570dee5bf484af333deb24671

SHA256
7c8c03b471b243c3caad4bc2e3c9a818f9ece8aed1a7b4eee2c152b9df019112

SHA512
797892fbeaa8b5b5a7adaaf70f62ce90742ea8af123d11c3bf2945e60db29fb1e745cb4a700aac9f5c0773d18ac98c30f515451533700b13ed90a5e3ecf5bb73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe

Filesize
468KB

MD5
de9d06b6fd116c67ff6325046ab85332

SHA1
9acb07603a6a29a700d69b3c101725e2472c2463

SHA256
7d4034beb3720608c92057afc1ffb59fa9ade3047f37a18b0c8758d676e34ea7

SHA512
b51c23e81471fcf53ce7d711437f6388bcc8ac6ff6b4b27dfd95a94c134595595a4abc4a7df31a7c771c7e220efc792f1a3f2c59275639dd053eeb6d39486e96

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe

Filesize
468KB

MD5
f3ba3b47c2f6ff2f18ebef63bc6c0ea4

SHA1
1bfbff0f88c1a876a36c0bc6288f2f97d4821aed

SHA256
1bf6c81ea599659cdb0279b4c1a0f9afaef56deeed0237e9f5535310b69093d5

SHA512
001db86a45332a5e8d6daf87884cfb3d6e444d2d283f16b7f8c822b8e0b2b7f26801f26d662d30c55bbf2368b3625d944f00ea7d34db48d98049b73d315223f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5952.exe

Filesize
468KB

MD5
fadafcdbbe9866b7d2b45c7704c0cf58

SHA1
3750627aedf663c07ab2678515d312abc883afcf

SHA256
334b299320bfe92128cf3102089935babc51a141b7e02c0bd07cea9030f5ace8

SHA512
a0d84fc709aecd0a9fdf98bce36fb58f58f253156ab910969a0870a10bd711edaba7cf0b2c07a00b32c5ac9564775599e7eecce3927c5b0909edbf2c2205b8ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8720.exe

Filesize
468KB

MD5
7abc78f613db9ee64329ddcfb5c47473

SHA1
e00af2610d5eb6f70723d7d3fe3ad01cb861d057

SHA256
c8294bfbd1c76a3c64fc6d687ebf5e2fa8854ab757dd32043732e42babda5b5c

SHA512
078f66cb3856cc38a55fe3ac7af05e7ef70dd2b166928578708358412bc3e756261c092689380d4173d72990fbe5e6c8e5f5c32a33f0bf3784360ed9c5090866

Download Submit