75c29581cab55e2c6c5e9c4004abee406a034894ff887816045d172bfb36d8c5

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
03/08/2024, 06:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e18335b5a2351e216d51fb7d6e75b30N.exe
Size

468KB
MD5

5e18335b5a2351e216d51fb7d6e75b30
SHA1

ae5709ef809514567d64ccf51b58456cab58e526
SHA256

75c29581cab55e2c6c5e9c4004abee406a034894ff887816045d172bfb36d8c5
SHA512

25716b028e5ee94e72d1eef61c090cded78f41138cb04635e59a0466ccc0b5b41d74789b3d8d7b35035a8cb7124ef7244077c195d72653afea63adee7178059e
SSDEEP

3072:1GeHo5IKq05aDbYpH5cOcf8/LChsP0p1nLHewVPPCPH+2SxsvQl+:1Guoe8aDuHSOcfwYIsCPeFxsv

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3064	Unicorn-32308.exe
2096	Unicorn-2144.exe
2196	Unicorn-2082.exe
2748	Unicorn-51937.exe
2884	Unicorn-55620.exe
2880	Unicorn-37246.exe
2020	Unicorn-32455.exe
2776	Unicorn-17916.exe
2680	Unicorn-44428.exe
3048	Unicorn-676.exe
1864	Unicorn-50453.exe
332	Unicorn-25684.exe
2516	Unicorn-50261.exe
1636	Unicorn-27794.exe
912	Unicorn-46348.exe
1128	Unicorn-7578.exe
2104	Unicorn-60458.exe
1036	Unicorn-9415.exe
320	Unicorn-17510.exe
1260	Unicorn-34112.exe
2364	Unicorn-30093.exe
828	Unicorn-57521.exe
1044	Unicorn-16494.exe
536	Unicorn-17257.exe
1784	Unicorn-37079.exe
1376	Unicorn-56945.exe
1736	Unicorn-28719.exe
1384	Unicorn-7744.exe
612	Unicorn-15913.exe
2268	Unicorn-12767.exe
2308	Unicorn-9227.exe
888	Unicorn-40054.exe
2544	Unicorn-35564.exe
1696	Unicorn-55622.exe
3056	Unicorn-27099.exe
2024	Unicorn-37999.exe
2112	Unicorn-60894.exe
2712	Unicorn-23967.exe
2456	Unicorn-47434.exe
2736	Unicorn-34164.exe
2960	Unicorn-39186.exe
2904	Unicorn-41564.exe
2840	Unicorn-22597.exe
2828	Unicorn-36733.exe
3040	Unicorn-915.exe
2704	Unicorn-3027.exe
2844	Unicorn-3100.exe
1236	Unicorn-6281.exe
2788	Unicorn-6281.exe
972	Unicorn-59929.exe
276	Unicorn-46352.exe
528	Unicorn-6281.exe
1676	Unicorn-8127.exe
1200	Unicorn-44034.exe
2860	Unicorn-35865.exe
1808	Unicorn-55731.exe
1416	Unicorn-34141.exe
572	Unicorn-56992.exe
2400	Unicorn-56992.exe
456	Unicorn-56032.exe
2256	Unicorn-63630.exe
1820	Unicorn-17761.exe
1040	Unicorn-22591.exe
2028	Unicorn-32871.exe

Loads dropped DLL 64 IoCs

pid	Process
3012	5e18335b5a2351e216d51fb7d6e75b30N.exe
3012	5e18335b5a2351e216d51fb7d6e75b30N.exe
3064	Unicorn-32308.exe
3012	5e18335b5a2351e216d51fb7d6e75b30N.exe
3012	5e18335b5a2351e216d51fb7d6e75b30N.exe
3064	Unicorn-32308.exe
2096	Unicorn-2144.exe
2096	Unicorn-2144.exe
3012	5e18335b5a2351e216d51fb7d6e75b30N.exe
3012	5e18335b5a2351e216d51fb7d6e75b30N.exe
3064	Unicorn-32308.exe
3064	Unicorn-32308.exe
2196	Unicorn-2082.exe
2196	Unicorn-2082.exe
2880	Unicorn-37246.exe
2880	Unicorn-37246.exe
2196	Unicorn-2082.exe
2196	Unicorn-2082.exe
2096	Unicorn-2144.exe
2748	Unicorn-51937.exe
2748	Unicorn-51937.exe
2884	Unicorn-55620.exe
2884	Unicorn-55620.exe
3012	5e18335b5a2351e216d51fb7d6e75b30N.exe
2020	Unicorn-32455.exe
3012	5e18335b5a2351e216d51fb7d6e75b30N.exe
2020	Unicorn-32455.exe
3064	Unicorn-32308.exe
3064	Unicorn-32308.exe
2096	Unicorn-2144.exe
2776	Unicorn-17916.exe
2776	Unicorn-17916.exe
2880	Unicorn-37246.exe
2880	Unicorn-37246.exe
1636	Unicorn-27794.exe
1636	Unicorn-27794.exe
3064	Unicorn-32308.exe
912	Unicorn-46348.exe
3064	Unicorn-32308.exe
912	Unicorn-46348.exe
2096	Unicorn-2144.exe
2096	Unicorn-2144.exe
332	Unicorn-25684.exe
332	Unicorn-25684.exe
3012	5e18335b5a2351e216d51fb7d6e75b30N.exe
3012	5e18335b5a2351e216d51fb7d6e75b30N.exe
1864	Unicorn-50453.exe
1864	Unicorn-50453.exe
2884	Unicorn-55620.exe
2884	Unicorn-55620.exe
3048	Unicorn-676.exe
3048	Unicorn-676.exe
2748	Unicorn-51937.exe
2516	Unicorn-50261.exe
2748	Unicorn-51937.exe
2516	Unicorn-50261.exe
2680	Unicorn-44428.exe
2680	Unicorn-44428.exe
2020	Unicorn-32455.exe
2020	Unicorn-32455.exe
2196	Unicorn-2082.exe
2196	Unicorn-2082.exe
1128	Unicorn-7578.exe
1128	Unicorn-7578.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4940	4184	WerFault.exe	375

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47562.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3012	5e18335b5a2351e216d51fb7d6e75b30N.exe
3064	Unicorn-32308.exe
2096	Unicorn-2144.exe
2196	Unicorn-2082.exe
2880	Unicorn-37246.exe
2748	Unicorn-51937.exe
2884	Unicorn-55620.exe
2020	Unicorn-32455.exe
2776	Unicorn-17916.exe
2680	Unicorn-44428.exe
3048	Unicorn-676.exe
332	Unicorn-25684.exe
1864	Unicorn-50453.exe
1636	Unicorn-27794.exe
2516	Unicorn-50261.exe
912	Unicorn-46348.exe
1128	Unicorn-7578.exe
2104	Unicorn-60458.exe
1036	Unicorn-9415.exe
1260	Unicorn-34112.exe
320	Unicorn-17510.exe
2364	Unicorn-30093.exe
828	Unicorn-57521.exe
1044	Unicorn-16494.exe
1376	Unicorn-56945.exe
1784	Unicorn-37079.exe
536	Unicorn-17257.exe
1736	Unicorn-28719.exe
1384	Unicorn-7744.exe
612	Unicorn-15913.exe
2268	Unicorn-12767.exe
2308	Unicorn-9227.exe
888	Unicorn-40054.exe
2544	Unicorn-35564.exe
1696	Unicorn-55622.exe
3056	Unicorn-27099.exe
2024	Unicorn-37999.exe
2112	Unicorn-60894.exe
2456	Unicorn-47434.exe
2712	Unicorn-23967.exe
2736	Unicorn-34164.exe
2960	Unicorn-39186.exe
2904	Unicorn-41564.exe
2840	Unicorn-22597.exe
2828	Unicorn-36733.exe
3040	Unicorn-915.exe
2704	Unicorn-3027.exe
2844	Unicorn-3100.exe
276	Unicorn-46352.exe
1236	Unicorn-6281.exe
1676	Unicorn-8127.exe
2788	Unicorn-6281.exe
528	Unicorn-6281.exe
972	Unicorn-59929.exe
1416	Unicorn-34141.exe
1200	Unicorn-44034.exe
2860	Unicorn-35865.exe
1808	Unicorn-55731.exe
572	Unicorn-56992.exe
456	Unicorn-56032.exe
2400	Unicorn-56992.exe
2256	Unicorn-63630.exe
1040	Unicorn-22591.exe
2028	Unicorn-32871.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 3064	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	29
PID 3012 wrote to memory of 3064	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	29
PID 3012 wrote to memory of 3064	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	29
PID 3012 wrote to memory of 3064	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	29
PID 3012 wrote to memory of 2096	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	31
PID 3012 wrote to memory of 2096	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	31
PID 3012 wrote to memory of 2096	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	31
PID 3012 wrote to memory of 2096	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	31
PID 3064 wrote to memory of 2196	3064	Unicorn-32308.exe	30
PID 3064 wrote to memory of 2196	3064	Unicorn-32308.exe	30
PID 3064 wrote to memory of 2196	3064	Unicorn-32308.exe	30
PID 3064 wrote to memory of 2196	3064	Unicorn-32308.exe	30
PID 2096 wrote to memory of 2748	2096	Unicorn-2144.exe	32
PID 2096 wrote to memory of 2748	2096	Unicorn-2144.exe	32
PID 2096 wrote to memory of 2748	2096	Unicorn-2144.exe	32
PID 2096 wrote to memory of 2748	2096	Unicorn-2144.exe	32
PID 3012 wrote to memory of 2884	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	33
PID 3012 wrote to memory of 2884	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	33
PID 3012 wrote to memory of 2884	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	33
PID 3012 wrote to memory of 2884	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	33
PID 3064 wrote to memory of 2020	3064	Unicorn-32308.exe	34
PID 3064 wrote to memory of 2020	3064	Unicorn-32308.exe	34
PID 3064 wrote to memory of 2020	3064	Unicorn-32308.exe	34
PID 3064 wrote to memory of 2020	3064	Unicorn-32308.exe	34
PID 2196 wrote to memory of 2880	2196	Unicorn-2082.exe	35
PID 2196 wrote to memory of 2880	2196	Unicorn-2082.exe	35
PID 2196 wrote to memory of 2880	2196	Unicorn-2082.exe	35
PID 2196 wrote to memory of 2880	2196	Unicorn-2082.exe	35
PID 2880 wrote to memory of 2776	2880	Unicorn-37246.exe	36
PID 2880 wrote to memory of 2776	2880	Unicorn-37246.exe	36
PID 2880 wrote to memory of 2776	2880	Unicorn-37246.exe	36
PID 2880 wrote to memory of 2776	2880	Unicorn-37246.exe	36
PID 2196 wrote to memory of 2680	2196	Unicorn-2082.exe	37
PID 2196 wrote to memory of 2680	2196	Unicorn-2082.exe	37
PID 2196 wrote to memory of 2680	2196	Unicorn-2082.exe	37
PID 2196 wrote to memory of 2680	2196	Unicorn-2082.exe	37
PID 2748 wrote to memory of 3048	2748	Unicorn-51937.exe	39
PID 2748 wrote to memory of 3048	2748	Unicorn-51937.exe	39
PID 2748 wrote to memory of 3048	2748	Unicorn-51937.exe	39
PID 2748 wrote to memory of 3048	2748	Unicorn-51937.exe	39
PID 2884 wrote to memory of 1864	2884	Unicorn-55620.exe	40
PID 2884 wrote to memory of 1864	2884	Unicorn-55620.exe	40
PID 2884 wrote to memory of 1864	2884	Unicorn-55620.exe	40
PID 2884 wrote to memory of 1864	2884	Unicorn-55620.exe	40
PID 3012 wrote to memory of 332	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	41
PID 3012 wrote to memory of 332	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	41
PID 3012 wrote to memory of 332	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	41
PID 3012 wrote to memory of 332	3012	5e18335b5a2351e216d51fb7d6e75b30N.exe	41
PID 2020 wrote to memory of 2516	2020	Unicorn-32455.exe	42
PID 2020 wrote to memory of 2516	2020	Unicorn-32455.exe	42
PID 2020 wrote to memory of 2516	2020	Unicorn-32455.exe	42
PID 2020 wrote to memory of 2516	2020	Unicorn-32455.exe	42
PID 3064 wrote to memory of 1636	3064	Unicorn-32308.exe	43
PID 3064 wrote to memory of 1636	3064	Unicorn-32308.exe	43
PID 3064 wrote to memory of 1636	3064	Unicorn-32308.exe	43
PID 3064 wrote to memory of 1636	3064	Unicorn-32308.exe	43
PID 2096 wrote to memory of 912	2096	Unicorn-2144.exe	38
PID 2096 wrote to memory of 912	2096	Unicorn-2144.exe	38
PID 2096 wrote to memory of 912	2096	Unicorn-2144.exe	38
PID 2096 wrote to memory of 912	2096	Unicorn-2144.exe	38
PID 2776 wrote to memory of 1128	2776	Unicorn-17916.exe	44
PID 2776 wrote to memory of 1128	2776	Unicorn-17916.exe	44
PID 2776 wrote to memory of 1128	2776	Unicorn-17916.exe	44
PID 2776 wrote to memory of 1128	2776	Unicorn-17916.exe	44

C:\Users\Admin\AppData\Local\Temp\5e18335b5a2351e216d51fb7d6e75b30N.exe
"C:\Users\Admin\AppData\Local\Temp\5e18335b5a2351e216d51fb7d6e75b30N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17916.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
        9⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        10⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        10⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36019.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        10⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
        9⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61856.exe
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        8⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11361.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63317.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22713.exe
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-915.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        8⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
        7⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        7⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18552.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        7⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13410.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3098.exe
        7⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18964.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43751.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
        6⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        6⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30978.exe
        6⤵
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40855.exe
        6⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60458.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16904.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18057.exe
        7⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe
        6⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62495.exe
        6⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        6⤵
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44214.exe
        6⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49525.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        6⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        5⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
        5⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe
        5⤵
        
        PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
        6⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
        6⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56179.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
        6⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        6⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6298.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        6⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        6⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        5⤵
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
        5⤵
        
        PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        5⤵
        
        PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36733.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
        6⤵
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        6⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        6⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61856.exe
        6⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        5⤵
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48629.exe
        5⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
        5⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        5⤵
        
        PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        5⤵
        
        PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
      4⤵
      PID:556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
      4⤵
      PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22206.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe
      4⤵
      PID:4184
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 188
        5⤵
        Program crash
        
        PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50261.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        6⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
        6⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
        5⤵
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        5⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
        5⤵
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12767.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64432.exe
        5⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27834.exe
        5⤵
        
        PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
      4⤵
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-218.exe
        5⤵
        
        PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57219.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        5⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
        5⤵
        
        PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
      4⤵
      PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46751.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60740.exe
      4⤵
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6834.exe
      4⤵
      PID:4452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37999.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43853.exe
        6⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        7⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34893.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61856.exe
        7⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45952.exe
        6⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
        6⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56179.exe
        6⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe
        6⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe
        5⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
        5⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23175.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
        5⤵
        
        PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
        5⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        6⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        5⤵
        
        PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
        5⤵
        
        PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63742.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        5⤵
        
        PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
      4⤵
      PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11361.exe
      4⤵
      PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23047.exe
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
      4⤵
      PID:4228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17510.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        5⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
        5⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59045.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37825.exe
        5⤵
        
        PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40248.exe
      4⤵
      PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
      4⤵
      PID:688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10818.exe
      4⤵
      PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
      4⤵
      PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31280.exe
      4⤵
      PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32827.exe
      4⤵
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
      4⤵
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
      4⤵
      PID:4512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
      4⤵
      PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61856.exe
      4⤵
      PID:4592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
    3⤵
    PID:764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55897.exe
    3⤵
    PID:2660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18791.exe
    3⤵
    PID:3988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56220.exe
    3⤵
    PID:3588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51211.exe
    3⤵
    PID:4352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56945.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43176.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44214.exe
        7⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31841.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        7⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
        6⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        6⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31078.exe
        6⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        6⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42334.exe
        6⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
        6⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
        5⤵
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
        5⤵
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        5⤵
        
        PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        5⤵
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        5⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        5⤵
        
        PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
      4⤵
      PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
      4⤵
      PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53480.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
      4⤵
      PID:4248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        6⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        6⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        6⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        5⤵
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        5⤵
        
        PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10818.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55459.exe
        5⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        5⤵
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
      4⤵
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36019.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        5⤵
        
        PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe
      4⤵
      PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11361.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
      4⤵
      PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
      4⤵
      PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
      4⤵
      PID:4204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60237.exe
        6⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe
        6⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36002.exe
        6⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
        5⤵
        
        PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48837.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        5⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        5⤵
        
        PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36019.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18057.exe
        5⤵
        
        PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
      4⤵
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
      4⤵
      PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
      4⤵
      PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
      4⤵
      PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3027.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
    3⤵
    PID:1988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
    3⤵
    PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe
    3⤵
    PID:3104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
    3⤵
    PID:3196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42728.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17257.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
        5⤵
        
        PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60697.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
        5⤵
        
        PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
        5⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35977.exe
        5⤵
        
        PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
        5⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6705.exe
        5⤵
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
      4⤵
      PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11361.exe
      4⤵
      PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
      4⤵
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23047.exe
      4⤵
      PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        5⤵
        
        PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24881.exe
        5⤵
        
        PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28161.exe
      4⤵
      PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
      4⤵
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48914.exe
      4⤵
      PID:5024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7856.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1611.exe
      4⤵
      PID:4992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51437.exe
    3⤵
    PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35377.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
    3⤵
    PID:4128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
      4⤵
      PID:4548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46591.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
      4⤵
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
      4⤵
      PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
    3⤵
    PID:2052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
    3⤵
    PID:3428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
    3⤵
    PID:3368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe
    3⤵
    PID:4264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
      4⤵
      PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37792.exe
      4⤵
      PID:4180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
    3⤵
    PID:1628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32287.exe
    3⤵
    PID:584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34846.exe
    3⤵
    PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51467.exe
    3⤵
    PID:3412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
    3⤵
    PID:4120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
    3⤵
    PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
    3⤵
    PID:4504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43302.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43302.exe
  2⤵
  PID:2484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14984.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14984.exe
  2⤵
  PID:324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21178.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21178.exe
  2⤵
  PID:3080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
  2⤵
  PID:3236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
  2⤵
  PID:4628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe

Filesize
468KB

MD5
bbc91774e129fb8c144d67a7532ed25b

SHA1
849f7686abeb085270accf033f00aad274ec4699

SHA256
b918ea6cb6cd3e7f86853f5dbf58aaa77a7730aaec481cc0675703a24ef881cc

SHA512
9dac421eddc4b35d82c12126fdb074ebd80ae7539fb0a3e3bb51e231caed4fa1d95903d85071e34b0449765aa0eb6c9558b36e28b9238a91f5b7ff1682533b0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe

Filesize
468KB

MD5
7ab84ad0a584e8c166f5e3802b263841

SHA1
516c3e42cf9ce42014cb62b52490e63cd49c0965

SHA256
7084790b60d767193be46e0281d02becdef8c9393c99fc0dfbc924762e215f0b

SHA512
5494060a38eaf553d16f5315f541214fd204b6fdbe0a65fe2dcadd27c7b85d8e991a75ab733fbaaac538deeb612697ce9aabe25bb27f6de4ec1f931bc2339fe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe

Filesize
468KB

MD5
3b91d36b8bb91ea2ac7f05be56bb8b5f

SHA1
2e80778cbf76d8da283cee9cf8ddb8c03f029c8a

SHA256
fc3bca3e326292947f0125650bd947853dc016c3da5ee95ab5fdced6a89ab458

SHA512
2f3180241e4dc5bdf5c118d25b9de403f63bbaa6f1673dbfe0cd09b8c4ac42d206d0fe7036f2e6103fcf193ae5f3940b191f8ea68ae7ce6b680de3813fe1184e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe

Filesize
468KB

MD5
3a128e9640b7fa446216e5211eac1aa4

SHA1
7f7a260abbcc7eca74837cae8fb6aa5896e26e2f

SHA256
95b1a8708458be857a4da90c33714ae88d07f1e8818d8c72f02376ae92ab88cc

SHA512
9ba3142bb4e47b51b2c4d4e585606cbfdbbf47591c6261d65cb47f348701a7c1a06664fa5487675ed1947800a84c6f88e202c6ea10b57ea21638e20fe23b7cce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17916.exe

Filesize
468KB

MD5
51bc3b1a068bc70387385e07ad5c1e10

SHA1
296e5290842d57c3b5ae46d6c5024ad2af2a2600

SHA256
70b8342f8083f2f6974a28684218bb12772ccc7d8028c952a60a6f4fb9d6aebb

SHA512
d6ba36b05885041a811c854411b2ba5b4883028a828b2ddb4a6f3eefe495f7ed5f5143fc7e368e9047c0d4ecf053cfb37f9ec7b8f22c9cef8822480f15c75c9d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe

Filesize
468KB

MD5
a7786b5763be4680dc8583fa3bae28c1

SHA1
5e3ae92f0b9108bb4844b6a5c0c8cf5ebe55a2f9

SHA256
60a3201940ece11898fa54a0fb63024812a116a4c0809e6dd12001dd993b1e63

SHA512
8f86d51a94e4a11a1a9c221c8adf5a7048a2e7eb603f9a2234f2cd5d5c058017a23c43028b0f99444041f5d7d822fb4223d57125bf3bdf95600593d62e54a1c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe

Filesize
468KB

MD5
868098e008cc05bba418f13ec6db723e

SHA1
c7330c1dede482b86ad90cd4b439b8b4385e79c7

SHA256
ac32113f6fb4b338ec232a8b2e9e8f7a17c5a018dbc37493ae430abda600be52

SHA512
ff04456194801cb13b2dc326fe7b0b4525e72b6b16afa4f99aef8c97a43180a3aac35a579fae2e314b79e435342af27328f3ba3726632b3bb997ca655311779a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe

Filesize
468KB

MD5
30eb4eef17ce14516d9de51c198ecbe0

SHA1
66a732425c99ab84cdba6006d415ba8156301a4a

SHA256
81b10ad6872de396886b7ef52e6f6d2f6568905d543fae78aa0efb82f75369ee

SHA512
290039cc07bea0f2ee625f74b5af38e2d8953351b8df2f294e353dc15e8f0cf85c861cfb2e526f3a05bffe94c97f48a1f78840ea55ab193626d601fc3bdf7563

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe

Filesize
468KB

MD5
ef0fda4413894bbac0d2cefc1746c281

SHA1
89e79e98bb3b1635cf179dde4aef9c12edd94c86

SHA256
b89080e73c411bbf336ed023457c0c74cb17a484782eef62f30f16cb4b286a28

SHA512
9cc4dd18ea8b8b27f30148c0b2b0e8b839550f53387d51ab724fe410e67739366f94d6696bbce11ac108cd806b8dd8a72a64ac9e7e3461cab1c7cae083396968

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe

Filesize
468KB

MD5
d0a3834fc49207972ede896c502103a8

SHA1
a2e920c463817764dae818d69e06ceb27e3c17fe

SHA256
8ff22d6f7f8ba084f38e4d36e14b6d55b85400ccc89c462dcd140448371f73d4

SHA512
68d547090ab9dca7b6bc19e3e0ecb936ea81506024cd1b3521306977748dfb76af8968ed0cbc556bdb2df7822bad4de358ac74c429b32b8adc08b644e228975d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe

Filesize
468KB

MD5
ab2bdba83f26a693b42b607b32e731c1

SHA1
75846f13ad364aaeec399489fd8bd563d897c266

SHA256
19b1bffc6a87bc291718bc7ecf34200cc04181a14de46ae6e3b8d8d604ced070

SHA512
0c70e179b830f9ff8b783faddd99791589eb4d56765e1ae6b151d4dbb99202130686c8cac8e4b9532102b692285738bae178423c1e5000ce83558e0484e75fa3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe

Filesize
468KB

MD5
f92c4d6f6bdfba714139a5c225ef5b20

SHA1
e1a50d854a0916c91f138083aac8b26e31571dc5

SHA256
2e11fdd445c532ef3f2b4bd72d6e239590aad77408b1602fbc15dc367ffa95cc

SHA512
720316a35d6d1a0f36ce71ded5360665e153ad8f8e5ea85b0bd2b474139e55c227c09bdd4b869289b7a36d7667ca1fce7ef9f530f3be38868e83c026b83ab01c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe

Filesize
468KB

MD5
97ecc354c673f2225b1bfcae5183340c

SHA1
ec41abf5939e59e2614db663008bba95254e2664

SHA256
16e0911776a29990af583ff081b9adafa2f706b9b6cf2feb4ba262537d0fb9e6

SHA512
75ced85753ec8b1724163696292d35905c22b13fc3bb71201b2889bcae8308d66f2b918a7379bb1549cb75dffc5aa66ab7fa74e69df8deb5120c3c423f906cc3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50261.exe

Filesize
468KB

MD5
c9d1c266c1873567e791e82070380fc6

SHA1
b37217b27a88f2cf992bf1ba5009223d51d6594d

SHA256
52ab0ff4f14ec0bc6c7ad579ea4f864f19099a9f799a5bc560bfa28c9c834e7a

SHA512
06964a32e24803b2d9b814a5115839f986f22dca71ed81043ca81d8e8f5173bb71df53b14b3a0fd74f7cc476f73e61ad4889cd9e37ad93a04aa9b33831d30f5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe

Filesize
468KB

MD5
571a8fe212679890050e999485f001bc

SHA1
98c8e9368268e07f4d03ad6f59992c1caed8b0bb

SHA256
334305dab811514a9d2f64411e1af6001fffafb36531786c95670c56f2dd4aad

SHA512
d42ae1b426332b42119fddc2cd02c04735b719b1404ef1fcc7bae855d40ab70723f5845ab94c2b961e75dbe3932e10ad3b5870a7fcaa117d27a7e69ffd5b4752

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe

Filesize
468KB

MD5
8e36554cf012d9c149c89a0a8fec3720

SHA1
828124de1c1b48a11a9cda745bd5a3aade5e59ac

SHA256
860dc81914fe5d90a9ef2f4a25316aa83080c2f4cbb6c7c1d2f72d1da5e3a5e9

SHA512
9fb5138c7bdd7208be2d683e5a899b75d28e6981e856f8446fe639a9344815aa9eb0fd06f291c6fdc8a1f14f7f6fa9e124d38b28d8a130cdd1f889f6df9eeee0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60458.exe

Filesize
468KB

MD5
d686539f9ce3dd7311dc88f8fe416144

SHA1
e48036e12dc2a06cfafa5c8112eed1131b8e0b2f

SHA256
9e1cfee31d19c7188283cc98e966a3b2e52ec31f30ffa5eadb85bda94ba96274

SHA512
5ab7deb5fe33fd3474b7809432213a67cadd1bef4e2e465f96571bb5bb0904d2dc00219d520b0a7962d084adafbe640dd97dc2894135a6461f0625c7b4f93e14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-676.exe

Filesize
468KB

MD5
f81ead48ed5731a1c4369cdd4698c942

SHA1
eb39fa464b161625a1cd36b641bb69ed0ee1371c

SHA256
c09b18297145c0d80b7f1a017547eddf2006d72396f0839a51470f6108b815a5

SHA512
137cfad20c745f5f01f0cca2bc0a9e9b0744e28a845b8a954e4cc1afdf48ba23f537fd26f20f6e1bd13c3b49d3a169f0d5f18f48e1a72bb9a76a67b428a91f73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe

Filesize
468KB

MD5
4967c8d61d0629a39d0f4e52b8139a6f

SHA1
4536d09ca542af43ec3d1e23098a060732b5352d

SHA256
bc9637a92c0be6b2f70580ca2ae0f0a9adc7890c57e19a90ed5309ce7da03ac1

SHA512
d3dbc8fa68834757abd45feaf73ce4665cd864907f29e7d63c894d880de3649446d969a96fd0c6bb23b219295700d71d848d04718bc2804aa44baa3e37ff3215

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe

Filesize
468KB

MD5
86d3f081b9203f4ff1297cbdc4c88256

SHA1
22ace71346a58d310100f610e0574693b5c15fb6

SHA256
84996b745a4ca539b25d7b8cb8427053b00c446464a2de29309192a7bf78d794

SHA512
f45a46b46c6aa2487c022466dc88509e3831292c36a5cb89bf9bf13c2a0039bc6e86e7aae026e07118db96e9e5221391802fa5ad64a038e4b8a622f03f2a0eb4

Download Submit