4f16c4c8850814812484b61246a09d9680763b8abfcdc6ec8279b41297659704

Analysis

max time kernel
119s
max time network
20s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6420bff1e0a57b51f984f3d7e507c80N.exe
Size

468KB
MD5

b6420bff1e0a57b51f984f3d7e507c80
SHA1

371c2c2d2941e3fd580b1080b8622dcad5552dee
SHA256

4f16c4c8850814812484b61246a09d9680763b8abfcdc6ec8279b41297659704
SHA512

7dfad590700e1c45976d57337523a076581aab2d913c803eec352664ae9737a98a618e572e32a5805cdace5fd8ce94ff3f1bb43ed6563d2ff878f0c90ea1896e
SSDEEP

3072:yuH1ogAEIY5AtbY+zfHTffCL0ZOq+pppJEHCxVX7exMLEHoseclS:yuVoxYAtxz/TffofjnexmOose

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1072	Unicorn-46191.exe
2456	Unicorn-17577.exe
844	Unicorn-46912.exe
1912	Unicorn-53586.exe
2840	Unicorn-41696.exe
2764	Unicorn-10315.exe
2888	Unicorn-53394.exe
2724	Unicorn-8635.exe
2660	Unicorn-59543.exe
1008	Unicorn-46544.exe
1612	Unicorn-46907.exe
3000	Unicorn-970.exe
3016	Unicorn-15525.exe
2924	Unicorn-1235.exe
2372	Unicorn-13295.exe
2388	Unicorn-24623.exe
2348	Unicorn-59009.exe
1328	Unicorn-4032.exe
976	Unicorn-56570.exe
2084	Unicorn-15730.exe
664	Unicorn-15272.exe
2136	Unicorn-61209.exe
2524	Unicorn-48210.exe
2512	Unicorn-40042.exe
2360	Unicorn-54140.exe
1136	Unicorn-41888.exe
1000	Unicorn-23322.exe
1532	Unicorn-14391.exe
912	Unicorn-23876.exe
2072	Unicorn-28558.exe
2172	Unicorn-10175.exe
1664	Unicorn-9782.exe
1676	Unicorn-35033.exe
828	Unicorn-35247.exe
988	Unicorn-49537.exe
2324	Unicorn-43970.exe
2340	Unicorn-10166.exe
2548	Unicorn-7981.exe
2736	Unicorn-53591.exe
2720	Unicorn-3835.exe
2864	Unicorn-9263.exe
2844	Unicorn-9263.exe
3064	Unicorn-28338.exe
2636	Unicorn-17048.exe
2624	Unicorn-58848.exe
2776	Unicorn-34898.exe
2652	Unicorn-9574.exe
1056	Unicorn-38790.exe
2848	Unicorn-10763.exe
2792	Unicorn-64048.exe
2952	Unicorn-11448.exe
2396	Unicorn-40619.exe
2192	Unicorn-30782.exe
1804	Unicorn-26114.exe
696	Unicorn-6248.exe
1364	Unicorn-1609.exe
1128	Unicorn-25027.exe
2120	Unicorn-56217.exe
1012	Unicorn-56814.exe
1552	Unicorn-40478.exe
1548	Unicorn-14420.exe
1312	Unicorn-20036.exe
1772	Unicorn-58459.exe
2260	Unicorn-13150.exe

Loads dropped DLL 64 IoCs

pid	Process
1096	b6420bff1e0a57b51f984f3d7e507c80N.exe
1096	b6420bff1e0a57b51f984f3d7e507c80N.exe
1072	Unicorn-46191.exe
1072	Unicorn-46191.exe
1096	b6420bff1e0a57b51f984f3d7e507c80N.exe
1096	b6420bff1e0a57b51f984f3d7e507c80N.exe
2456	Unicorn-17577.exe
2456	Unicorn-17577.exe
1072	Unicorn-46191.exe
1072	Unicorn-46191.exe
844	Unicorn-46912.exe
1096	b6420bff1e0a57b51f984f3d7e507c80N.exe
1096	b6420bff1e0a57b51f984f3d7e507c80N.exe
844	Unicorn-46912.exe
1912	Unicorn-53586.exe
1912	Unicorn-53586.exe
2456	Unicorn-17577.exe
2456	Unicorn-17577.exe
2888	Unicorn-53394.exe
2888	Unicorn-53394.exe
1096	b6420bff1e0a57b51f984f3d7e507c80N.exe
844	Unicorn-46912.exe
1096	b6420bff1e0a57b51f984f3d7e507c80N.exe
844	Unicorn-46912.exe
2764	Unicorn-10315.exe
2764	Unicorn-10315.exe
1072	Unicorn-46191.exe
1072	Unicorn-46191.exe
2840	Unicorn-41696.exe
2840	Unicorn-41696.exe
1912	Unicorn-53586.exe
1912	Unicorn-53586.exe
2924	Unicorn-1235.exe
2924	Unicorn-1235.exe
2764	Unicorn-10315.exe
2764	Unicorn-10315.exe
3016	Unicorn-15525.exe
3016	Unicorn-15525.exe
1008	Unicorn-46544.exe
1008	Unicorn-46544.exe
1072	Unicorn-46191.exe
1072	Unicorn-46191.exe
2888	Unicorn-53394.exe
2888	Unicorn-53394.exe
1612	Unicorn-46907.exe
2660	Unicorn-59543.exe
1612	Unicorn-46907.exe
2660	Unicorn-59543.exe
844	Unicorn-46912.exe
844	Unicorn-46912.exe
2456	Unicorn-17577.exe
2456	Unicorn-17577.exe
1096	b6420bff1e0a57b51f984f3d7e507c80N.exe
2372	Unicorn-13295.exe
1096	b6420bff1e0a57b51f984f3d7e507c80N.exe
2372	Unicorn-13295.exe
2840	Unicorn-41696.exe
2840	Unicorn-41696.exe
2388	Unicorn-24623.exe
2388	Unicorn-24623.exe
1912	Unicorn-53586.exe
1912	Unicorn-53586.exe
2348	Unicorn-59009.exe
2348	Unicorn-59009.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4028	3308	WerFault.exe	210

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29316.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10175.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7904.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1096	b6420bff1e0a57b51f984f3d7e507c80N.exe
1072	Unicorn-46191.exe
2456	Unicorn-17577.exe
844	Unicorn-46912.exe
1912	Unicorn-53586.exe
2888	Unicorn-53394.exe
2764	Unicorn-10315.exe
2840	Unicorn-41696.exe
2724	Unicorn-8635.exe
1612	Unicorn-46907.exe
2924	Unicorn-1235.exe
3016	Unicorn-15525.exe
2660	Unicorn-59543.exe
3000	Unicorn-970.exe
1008	Unicorn-46544.exe
2372	Unicorn-13295.exe
2388	Unicorn-24623.exe
2348	Unicorn-59009.exe
1328	Unicorn-4032.exe
2084	Unicorn-15730.exe
976	Unicorn-56570.exe
2136	Unicorn-61209.exe
664	Unicorn-15272.exe
2360	Unicorn-54140.exe
2524	Unicorn-48210.exe
1136	Unicorn-41888.exe
2512	Unicorn-40042.exe
1000	Unicorn-23322.exe
1532	Unicorn-14391.exe
912	Unicorn-23876.exe
2072	Unicorn-28558.exe
2172	Unicorn-10175.exe
1664	Unicorn-9782.exe
1676	Unicorn-35033.exe
828	Unicorn-35247.exe
2324	Unicorn-43970.exe
988	Unicorn-49537.exe
2340	Unicorn-10166.exe
2548	Unicorn-7981.exe
2736	Unicorn-53591.exe
2720	Unicorn-3835.exe
2864	Unicorn-9263.exe
2844	Unicorn-9263.exe
2776	Unicorn-34898.exe
2652	Unicorn-9574.exe
2624	Unicorn-58848.exe
3064	Unicorn-28338.exe
2636	Unicorn-17048.exe
1056	Unicorn-38790.exe
2792	Unicorn-64048.exe
2848	Unicorn-10763.exe
2952	Unicorn-11448.exe
2396	Unicorn-40619.exe
2192	Unicorn-30782.exe
696	Unicorn-6248.exe
1804	Unicorn-26114.exe
1364	Unicorn-1609.exe
2120	Unicorn-56217.exe
1128	Unicorn-25027.exe
1552	Unicorn-40478.exe
1012	Unicorn-56814.exe
1548	Unicorn-14420.exe
1312	Unicorn-20036.exe
1772	Unicorn-58459.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 1072	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	29
PID 1096 wrote to memory of 1072	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	29
PID 1096 wrote to memory of 1072	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	29
PID 1096 wrote to memory of 1072	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	29
PID 1072 wrote to memory of 2456	1072	Unicorn-46191.exe	30
PID 1072 wrote to memory of 2456	1072	Unicorn-46191.exe	30
PID 1072 wrote to memory of 2456	1072	Unicorn-46191.exe	30
PID 1072 wrote to memory of 2456	1072	Unicorn-46191.exe	30
PID 1096 wrote to memory of 844	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	31
PID 1096 wrote to memory of 844	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	31
PID 1096 wrote to memory of 844	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	31
PID 1096 wrote to memory of 844	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	31
PID 2456 wrote to memory of 1912	2456	Unicorn-17577.exe	32
PID 2456 wrote to memory of 1912	2456	Unicorn-17577.exe	32
PID 2456 wrote to memory of 1912	2456	Unicorn-17577.exe	32
PID 2456 wrote to memory of 1912	2456	Unicorn-17577.exe	32
PID 1072 wrote to memory of 2840	1072	Unicorn-46191.exe	33
PID 1072 wrote to memory of 2840	1072	Unicorn-46191.exe	33
PID 1072 wrote to memory of 2840	1072	Unicorn-46191.exe	33
PID 1072 wrote to memory of 2840	1072	Unicorn-46191.exe	33
PID 1096 wrote to memory of 2764	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	35
PID 1096 wrote to memory of 2764	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	35
PID 1096 wrote to memory of 2764	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	35
PID 1096 wrote to memory of 2764	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	35
PID 844 wrote to memory of 2888	844	Unicorn-46912.exe	34
PID 844 wrote to memory of 2888	844	Unicorn-46912.exe	34
PID 844 wrote to memory of 2888	844	Unicorn-46912.exe	34
PID 844 wrote to memory of 2888	844	Unicorn-46912.exe	34
PID 1912 wrote to memory of 2724	1912	Unicorn-53586.exe	36
PID 1912 wrote to memory of 2724	1912	Unicorn-53586.exe	36
PID 1912 wrote to memory of 2724	1912	Unicorn-53586.exe	36
PID 1912 wrote to memory of 2724	1912	Unicorn-53586.exe	36
PID 2456 wrote to memory of 2660	2456	Unicorn-17577.exe	37
PID 2456 wrote to memory of 2660	2456	Unicorn-17577.exe	37
PID 2456 wrote to memory of 2660	2456	Unicorn-17577.exe	37
PID 2456 wrote to memory of 2660	2456	Unicorn-17577.exe	37
PID 2888 wrote to memory of 1008	2888	Unicorn-53394.exe	38
PID 2888 wrote to memory of 1008	2888	Unicorn-53394.exe	38
PID 2888 wrote to memory of 1008	2888	Unicorn-53394.exe	38
PID 2888 wrote to memory of 1008	2888	Unicorn-53394.exe	38
PID 1096 wrote to memory of 3000	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	39
PID 1096 wrote to memory of 3000	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	39
PID 1096 wrote to memory of 3000	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	39
PID 1096 wrote to memory of 3000	1096	b6420bff1e0a57b51f984f3d7e507c80N.exe	39
PID 844 wrote to memory of 1612	844	Unicorn-46912.exe	40
PID 844 wrote to memory of 1612	844	Unicorn-46912.exe	40
PID 844 wrote to memory of 1612	844	Unicorn-46912.exe	40
PID 844 wrote to memory of 1612	844	Unicorn-46912.exe	40
PID 2764 wrote to memory of 2924	2764	Unicorn-10315.exe	41
PID 2764 wrote to memory of 2924	2764	Unicorn-10315.exe	41
PID 2764 wrote to memory of 2924	2764	Unicorn-10315.exe	41
PID 2764 wrote to memory of 2924	2764	Unicorn-10315.exe	41
PID 1072 wrote to memory of 3016	1072	Unicorn-46191.exe	42
PID 1072 wrote to memory of 3016	1072	Unicorn-46191.exe	42
PID 1072 wrote to memory of 3016	1072	Unicorn-46191.exe	42
PID 1072 wrote to memory of 3016	1072	Unicorn-46191.exe	42
PID 2840 wrote to memory of 2372	2840	Unicorn-41696.exe	43
PID 2840 wrote to memory of 2372	2840	Unicorn-41696.exe	43
PID 2840 wrote to memory of 2372	2840	Unicorn-41696.exe	43
PID 2840 wrote to memory of 2372	2840	Unicorn-41696.exe	43
PID 1912 wrote to memory of 2388	1912	Unicorn-53586.exe	44
PID 1912 wrote to memory of 2388	1912	Unicorn-53586.exe	44
PID 1912 wrote to memory of 2388	1912	Unicorn-53586.exe	44
PID 1912 wrote to memory of 2388	1912	Unicorn-53586.exe	44

C:\Users\Admin\AppData\Local\Temp\b6420bff1e0a57b51f984f3d7e507c80N.exe
"C:\Users\Admin\AppData\Local\Temp\b6420bff1e0a57b51f984f3d7e507c80N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8635.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28558.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3835.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14489.exe
        8⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34359.exe
        8⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55830.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62012.exe
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36751.exe
        7⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37069.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        7⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        7⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        7⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        6⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        6⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26152.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        6⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10026.exe
        6⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42925.exe
        7⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
        6⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        6⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35418.exe
        5⤵
        
        PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        5⤵
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57187.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53109.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        7⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        7⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63669.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        6⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1614.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13789.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        6⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        6⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1084.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        6⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
        5⤵
        
        PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31511.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        5⤵
        
        PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        6⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe
        6⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1084.exe
        6⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14276.exe
        5⤵
        
        PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe
        5⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42688.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        5⤵
        
        PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9574.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
        5⤵
        
        PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        5⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        5⤵
        
        PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe
      4⤵
      PID:332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64255.exe
      4⤵
      PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
      4⤵
      PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
      4⤵
      PID:4484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65033.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-182.exe
        6⤵
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        6⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        6⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20036.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
        6⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
        5⤵
        
        PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53955.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        5⤵
        
        PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64575.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        5⤵
        
        PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23876.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34717.exe
        5⤵
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50403.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53462.exe
        5⤵
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        5⤵
        
        PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
      4⤵
      PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64776.exe
      4⤵
      PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
      4⤵
      PID:4728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15525.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        6⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
        6⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        6⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23923.exe
        5⤵
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe
        5⤵
        
        PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        5⤵
        
        PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7981.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63306.exe
        5⤵
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        5⤵
        
        PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
      4⤵
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
      4⤵
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
      4⤵
      PID:4436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10763.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        5⤵
        
        PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39356.exe
      4⤵
      PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
      4⤵
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
      4⤵
      PID:4744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58459.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30720.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
      4⤵
      PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
      4⤵
      PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
    3⤵
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21724.exe
      4⤵
      PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe
      4⤵
      PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
      4⤵
      PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
      4⤵
      PID:4676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
    3⤵
    PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
    3⤵
    PID:2492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
    3⤵
    PID:3840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
    3⤵
    PID:3260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
    3⤵
    PID:4684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58848.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        7⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15236.exe
        6⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
        6⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53809.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
        6⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        6⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        6⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36948.exe
        5⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29648.exe
        5⤵
        
        PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53030.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22792.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        5⤵
        
        PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        6⤵
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33460.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22828.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41018.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        5⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        5⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe
        5⤵
        
        PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
      4⤵
      PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe
      4⤵
      PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
      4⤵
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10374.exe
      4⤵
      PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48210.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        6⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13859.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe
        6⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        5⤵
        
        PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        5⤵
        
        PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50403.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        5⤵
        
        PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29189.exe
        5⤵
        
        PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
      4⤵
      PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
      4⤵
      PID:4536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
      4⤵
      PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe
      4⤵
      PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
      4⤵
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
      4⤵
      PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28019.exe
      4⤵
      PID:4272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56715.exe
    3⤵
    PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40832.exe
    3⤵
    PID:2044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe
    3⤵
    PID:3172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
    3⤵
    PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
    3⤵
    PID:4824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1235.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        6⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        6⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50403.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        6⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        5⤵
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
        5⤵
        
        PID:3308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 188
        6⤵
        Program crash
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
        6⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        5⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50403.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        5⤵
        
        PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        5⤵
        
        PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
        5⤵
        
        PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
      4⤵
      PID:992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37531.exe
      4⤵
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
      4⤵
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
      4⤵
      PID:4656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54583.exe
        6⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        6⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        5⤵
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
        5⤵
        
        PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6248.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        5⤵
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        5⤵
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
      4⤵
      PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
      4⤵
      PID:4964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
      4⤵
      PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
      4⤵
      PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
      4⤵
      PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
      4⤵
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15573.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
      4⤵
      PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
    3⤵
    PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
    3⤵
    PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33990.exe
    3⤵
    PID:3280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
    3⤵
    PID:3948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
    3⤵
    PID:2472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
    3⤵
    PID:4816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
      4⤵
      Executes dropped EXE
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe
        5⤵
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        5⤵
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50403.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20752.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        5⤵
        
        PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50348.exe
      4⤵
      PID:400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
      4⤵
      PID:4600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7980.exe
    3⤵
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
      4⤵
      PID:4332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
    3⤵
    PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
    3⤵
    PID:3188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9956.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50846.exe
    3⤵
    PID:3668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
    3⤵
    PID:4296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14391.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14391.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
      4⤵
      PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52174.exe
      4⤵
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28019.exe
      4⤵
      PID:4264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25210.exe
    3⤵
    PID:2200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
    3⤵
    PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11142.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
    3⤵
    PID:3084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
    3⤵
    PID:4736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
    3⤵
    PID:1564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
    3⤵
    PID:1504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
    3⤵
    PID:4140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
    3⤵
    PID:4508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
  2⤵
  PID:2216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
  2⤵
  PID:1724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
  2⤵
  PID:3324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
  2⤵
  PID:3080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
  2⤵
  PID:4400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe

Filesize
468KB

MD5
b17bac6601104b3951c9b7430e744661

SHA1
25ae50ba43eea3f06e6451c6fe3452bb995db2ec

SHA256
ac74b528d477574a24f5e6e254566d2c5da028977933d086f3e829c5b3d03d0d

SHA512
2201c5d4cffd88c2fe1039c83f0f2d25f1ff0bf9dc7f276ba565938ddfd72fd135789bcce94c8a7e6e624d51acfce26ff09e84db34e59bfd87c56670c3a81510

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe

Filesize
468KB

MD5
cf127c3e56a394a3cb316256f863720f

SHA1
688adb95ed1d4e09fd59ebe00f6f89a63e39a49d

SHA256
45c111484df7b60a9aae6f78831c361cf53a4b4c6d312a1ecef677bb6b5097bd

SHA512
3ff4016d46ae28cea65e8438170677b71eb981d1da2cc59caa7cb276c6b713b8c72bc3be2473a85a1ba077dfd98ae1430f2b05cccb3953caf4a5219e80caa667

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe

Filesize
468KB

MD5
675226d5c3d8ff0d63eefb3121dfbd13

SHA1
55122fa196eaebd962bed86e052ec9ed84cb967b

SHA256
3e1e0e3a1dc575721869a8505cd2b760105967ea09432dfc59f71d44f9570071

SHA512
054e1c6846e4efb2bec275f0b190ee332120171413f69ad89facf78e8ba0f7a22a892b4473f66e3e0c1ca8fe8c05370f24ba5a95c498eea8e9154985f144d795

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63306.exe

Filesize
468KB

MD5
846bde0305e80136cb42db272535874a

SHA1
30f775767b9bf87bfebbecb6ed8044aae60a7056

SHA256
1337b277f8c342373ec780cc60c04d5025ca52afdf28c94a94edc25d2b38754f

SHA512
9c9931dbe01fb86dd2bdadfc7573acf96dd3c9ec38bdcd9b55c062c6548ed2284a63a162a2d6340b2bf5ee281f177edcd4796ec61867adabe53402d7f181699d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8635.exe

Filesize
468KB

MD5
f726a5de09e6b88ce08964d08bd8581d

SHA1
b8d67ce0a7a02e51260d01976602ef06db4c7aba

SHA256
1ae3c0aaabfa71c597f38340edad4c57ceef1fa476d856b4910dbfbf3eff2af3

SHA512
aadbcb9602f5f4df493157be308d5ecb0ac1b873ae9f1a0e4faf9a75c95bc0efb37982c6756068ae481026b639e63371f8cafea82a9840309abb0e39e8c7e67b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe

Filesize
468KB

MD5
78773e5be4eea1f1f047ec3922464e69

SHA1
a4cd18acef15d034ca4a5c67ad6d81ee0b2a21cf

SHA256
8ba521a2143e1566ff4e32201b6727f798b16a31d5fe1bd8117945edad7d79f3

SHA512
d6d6c309e1e621195ae41f1943edbe068eb48a078224b22cf80dbe72772bd1f0740a88ffab3e1150ac68296758376e353addba71b3e4f526161f27db147cbae2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1235.exe

Filesize
468KB

MD5
ff3f40b6e6eb6e0553f15fd1d43bd04f

SHA1
ea4c0adb207789203b4cc0d3f8a0f1009f4da684

SHA256
7d6c7b6702c3f6e83289e46b50ef978f4b74c8cc2aaad1dc41d112d8ae2aea4f

SHA512
f7639bca32f13df42dda4ed73025762fe0002a6219f63f70b70223da73818c229113941016e801abff749147449a7e36e0b45996200a406b082463fce61eb1ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe

Filesize
468KB

MD5
b186bd44fcfa8d7bc60a97586d1765e2

SHA1
5b1bf81f378f877548b99a024da210bebabad0c0

SHA256
45c700364bfe40fe6a693ca2beee2d00b407573d68897d2904dff51436ab855c

SHA512
3e4099e93655b7d7768f7fafb4d7736dccd9aab48cba351c8170a674c953f94490f40f4916e3de3c050446e595b4a74ca989a7b85e0fd0a339af36ca1ed5f34b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15525.exe

Filesize
468KB

MD5
51ed0d0315e1f9634146972f642ab45e

SHA1
13d7c74f1cad8184183db6d7ddb2bd9ef094f599

SHA256
44fab9e61e6ac6b61f2e1f1df8240a1bdbcb0f32575fe334c90aee5a28c6ab76

SHA512
3799cace35a48ff7bdc670ec0cfa74a050fc074f875aa6613b042cf320ae223ef722ba30f8c6aca29d83dfb3458be2209783fcc9ffe0c32fc864649ca54ec43a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe

Filesize
468KB

MD5
2eaa5968430eed2bb9e93a66e5f5a212

SHA1
ed1c0c648243113587f484313dcb874b4fcd97ef

SHA256
6ffbb013aff735aaf2dded1ef1fa820e09f90df4cafe5937efe1750f6a64ab20

SHA512
eb69abe39ea9d7aa39a06d46aa9d9d2a36d911ca15b647c66538b0e46e6530f88eab82784361b095ee061cb52b616cd01b89f545bf7114785c4c6b865c90f525

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe

Filesize
468KB

MD5
a9ec3348f14fe9da2c0d1a6f2d0710e3

SHA1
9ffcee1ef0139a712d408e1d7bf053f78a686b56

SHA256
9c8e11422f24cde4446d261c41807ea98c1c03974cce7a8c2bcfc97d73251858

SHA512
7aa54775a2f3d153e2a59f34d59f29e4a0e942c7d4c8936c49948b9ba4e089164f9df8ba080978a051bccb71f4dd1f37c22bcccc115a6518c45fb7659c9f15e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe

Filesize
468KB

MD5
e08e4e935660fc73eb2644f556d10dde

SHA1
0154728146273e076ba6d7b307595ad9c2e6e513

SHA256
ea88fffc36f57f4af2a083ae96c112fa663b7c66f5f832fd91adba3d3d95e4bc

SHA512
b263aea7ce68b82ae98ca2da09e7fef66c602a0c15a8015847c37b87abb1a804890a319f262501bbf7ee4ab5033556c0092ae8041c54ffe89eccc038e9237cb9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe

Filesize
468KB

MD5
2036bc515e63d34363109d28f53ca0f5

SHA1
5af270716306ccc6b8177830833b30ed0b7980e5

SHA256
d3f1dd1ac5d05b3488c7b03eb52c9e079b69f9bbfddd56105588b27acd1bbff9

SHA512
92eeb425621e86bb6a687d967b09e7911a4f79a8bd89c1340614619704b23ca6ee9ba04dc77db4fbc43960ab85643860f283ca0feef017983cc8364f6bca6fa6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe

Filesize
468KB

MD5
dffd888a2386c413cb0a8500771d5790

SHA1
9837e2b49b20094b6c9068ae85573e7d7e01d342

SHA256
101aef65e05ab15b04ba05e20660d2fec94ff58334e3018703856d06de4de324

SHA512
3f855441cc084c66881b76763dbba91327b44f5ca4900c61612e57b179890bba13e4fd35912312bf026bf1ea9afbef104d8d949c1719eedd9382267753f559a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe

Filesize
468KB

MD5
10f782cc901ab91d59638e50f2c2f94e

SHA1
113faadf7d94bfab726f29f11d7067f36a3e2a50

SHA256
bc14000d479157bc1b4fec2909a8fa2637c1b15376f4df24d34bf612a40dc867

SHA512
c6538f6ee43c5f3055d132c2648426447c74a1ac0d9632a7fbc486e18457d1fae6b1ee909c083216e0145e45143dc27722bb6e78a772c030030d8a862fdccc41

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe

Filesize
468KB

MD5
af2f9fa98f0ff79ae211c5d3d885ef40

SHA1
b42b4b9b12c1d6ae766cbbce2f096c91f21e1518

SHA256
be7c6b41eec2329ad044d693b2cbd871827b950634fad31f63a8782fbc245844

SHA512
6e20e7e24b2b34508145d8156b18bd90c49c6482a9514f8d894096b6a7f30a4ed154a30426ad01480cbd6e29baf2b567b245944b778b10d9b0559588565d5950

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe

Filesize
468KB

MD5
6d412a94720829e2292b5699584ecf94

SHA1
25329ac86bceb809aba19c320c5da3af3c02f2fb

SHA256
d8d53676d721aa74cad217f52f97a0887cab74a28f11fa803f0305fe877b424e

SHA512
e8f2dede461a3398fd6dc05a8633db8f0a66e30f183fe2ca880fdc8ad49853c4eca56af5c64adf22e29e195bf90469879a612ea019af1fe7f238df43bdcf1f29

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe

Filesize
468KB

MD5
0098310505240d5fdf79949655466b4e

SHA1
025d1acbc9615596af46ac061f96cb78c65017ae

SHA256
960eab9c5981dd6a2cf3207e24cbd2ec9ef3591421e6f0a0961be32ae4b8ee43

SHA512
c015730205fef31c6bc7986dcc99de97b22a91c8cae52a59ce553c22a09b5acbded1f89ed7b7463d5be8ba8826a43418bef2310a0e733b5392d4f814e48d390b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe

Filesize
468KB

MD5
79f6b9c430ea8016ce02f3bd5331044e

SHA1
6203752c760b49c024db2c907afab97a7f573eed

SHA256
4bcd29bf95ddf462d12fa3fc6d1ada6ee201125f54cf4c17e1fc06e994cb34ba

SHA512
a6819f8b7e0c7fd1b7663a80e760ce7588d492376fd3c82bf6e1570f0fa9ed271cab255481473cac48416d5c2af3a8741b73f6632c545bc3baf9bc4b5fdd66a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe

Filesize
468KB

MD5
2c1f6ab540681819693b5500b62778b1

SHA1
9d43a0eebac29c441ad27814d7142ab702596b99

SHA256
715cdd4d01206a0c473a70f77b0f61f64a4fc75635e57d416680bea966e97a5f

SHA512
b0ca6912db624e278def4765219b72bf86571d4144445ee68af573d6dbe25b8fecac906034fcceebf09c9f31d1e3a6df3db9a183e2086081f07ee7d4aa22d5d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-970.exe

Filesize
468KB

MD5
6412f9f0a39b44baf62a3aa48362b152

SHA1
7bc5f0c30b6c1fe3180c162a17dd69140f74bc44

SHA256
33c113a39f1003e058cb024417fa288d9e552654019af07b22bcf49afebbfe7e

SHA512
9fbabccc0d41b662fe0fb0a81532379bc6c029f42b872376d2301e93493c66acfcc2d49c59341d6c7b5c5505392f7130523c52a463e7e0631bd0ed2a85be8bae

Download Submit