209e69caa5126cc2b8c3c2b2f71023743556207abacf7abeda65c9f90fa2d3ba

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-09-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

edaec5458a2a2a4027e82c5cfc096490N.exe
Size

468KB
MD5

edaec5458a2a2a4027e82c5cfc096490
SHA1

05302ad7de4181e7a96d7259d553c50361abbcf7
SHA256

209e69caa5126cc2b8c3c2b2f71023743556207abacf7abeda65c9f90fa2d3ba
SHA512

c3bc7843def61f7c447cc646554e12c404268d97db107c81f21a7fc0f233e2a9e736319637f86035a223d5066521e609efe3b469542761b34596a33be52a49dc
SSDEEP

3072:KoP1UogJdIf5UtbzbmzDZ7f8HEx1wPIVxnPHex2h5ofL8N3K+XMl6:Ko+oFBUtDmvZ7fUw4kof4RK+X

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2496	Unicorn-5503.exe
2480	Unicorn-6619.exe
804	Unicorn-43931.exe
2680	Unicorn-64647.exe
2752	Unicorn-5887.exe
2676	Unicorn-41989.exe
2712	Unicorn-56479.exe
1968	Unicorn-52286.exe
2612	Unicorn-50703.exe
1096	Unicorn-31674.exe
2080	Unicorn-25955.exe
2476	Unicorn-61030.exe
2536	Unicorn-26220.exe
1868	Unicorn-6354.exe
1876	Unicorn-54900.exe
2880	Unicorn-57413.exe
2952	Unicorn-14434.exe
2928	Unicorn-22603.exe
1072	Unicorn-55830.exe
1060	Unicorn-4028.exe
2144	Unicorn-10158.exe
2920	Unicorn-1228.exe
956	Unicorn-8020.exe
1808	Unicorn-53692.exe
2412	Unicorn-51667.exe
2180	Unicorn-57797.exe
2400	Unicorn-6385.exe
1712	Unicorn-20849.exe
1520	Unicorn-20849.exe
3012	Unicorn-7205.exe
680	Unicorn-31202.exe
872	Unicorn-45492.exe
2256	Unicorn-17366.exe
2464	Unicorn-52198.exe
2460	Unicorn-38362.exe
1596	Unicorn-45976.exe
2732	Unicorn-2897.exe
2964	Unicorn-9027.exe
2796	Unicorn-42254.exe
2704	Unicorn-19142.exe
2788	Unicorn-64834.exe
2576	Unicorn-44969.exe
2684	Unicorn-62431.exe
2716	Unicorn-62696.exe
2544	Unicorn-17580.exe
2620	Unicorn-17580.exe
3052	Unicorn-14242.exe
2328	Unicorn-31513.exe
784	Unicorn-28870.exe
1912	Unicorn-11357.exe
2324	Unicorn-24932.exe
1132	Unicorn-28270.exe
2840	Unicorn-28270.exe
3044	Unicorn-19910.exe
2868	Unicorn-13779.exe
1896	Unicorn-44.exe
2236	Unicorn-17777.exe
1960	Unicorn-28654.exe
1496	Unicorn-38960.exe
1952	Unicorn-59188.exe
696	Unicorn-62295.exe
2524	Unicorn-36883.exe
1340	Unicorn-47574.exe
2232	Unicorn-26215.exe

Loads dropped DLL 64 IoCs

pid	Process
1804	edaec5458a2a2a4027e82c5cfc096490N.exe
1804	edaec5458a2a2a4027e82c5cfc096490N.exe
2496	Unicorn-5503.exe
2496	Unicorn-5503.exe
1804	edaec5458a2a2a4027e82c5cfc096490N.exe
1804	edaec5458a2a2a4027e82c5cfc096490N.exe
2480	Unicorn-6619.exe
2496	Unicorn-5503.exe
2480	Unicorn-6619.exe
1804	edaec5458a2a2a4027e82c5cfc096490N.exe
2496	Unicorn-5503.exe
1804	edaec5458a2a2a4027e82c5cfc096490N.exe
804	Unicorn-43931.exe
804	Unicorn-43931.exe
2712	Unicorn-56479.exe
2712	Unicorn-56479.exe
804	Unicorn-43931.exe
804	Unicorn-43931.exe
2680	Unicorn-64647.exe
2680	Unicorn-64647.exe
1804	edaec5458a2a2a4027e82c5cfc096490N.exe
1804	edaec5458a2a2a4027e82c5cfc096490N.exe
2752	Unicorn-5887.exe
2480	Unicorn-6619.exe
2496	Unicorn-5503.exe
2676	Unicorn-41989.exe
2752	Unicorn-5887.exe
2676	Unicorn-41989.exe
2496	Unicorn-5503.exe
2480	Unicorn-6619.exe
2080	Unicorn-25955.exe
2080	Unicorn-25955.exe
2612	Unicorn-50703.exe
2612	Unicorn-50703.exe
1096	Unicorn-31674.exe
1096	Unicorn-31674.exe
2680	Unicorn-64647.exe
2680	Unicorn-64647.exe
804	Unicorn-43931.exe
804	Unicorn-43931.exe
2536	Unicorn-26220.exe
1804	edaec5458a2a2a4027e82c5cfc096490N.exe
2536	Unicorn-26220.exe
1804	edaec5458a2a2a4027e82c5cfc096490N.exe
2676	Unicorn-41989.exe
1868	Unicorn-6354.exe
2676	Unicorn-41989.exe
1868	Unicorn-6354.exe
2480	Unicorn-6619.exe
1876	Unicorn-54900.exe
1876	Unicorn-54900.exe
2480	Unicorn-6619.exe
2496	Unicorn-5503.exe
1968	Unicorn-52286.exe
2476	Unicorn-61030.exe
2496	Unicorn-5503.exe
1968	Unicorn-52286.exe
2476	Unicorn-61030.exe
2712	Unicorn-56479.exe
2712	Unicorn-56479.exe
2928	Unicorn-22603.exe
2928	Unicorn-22603.exe
2752	Unicorn-5887.exe
2752	Unicorn-5887.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2628	3052	WerFault.exe	75

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62608.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1804	edaec5458a2a2a4027e82c5cfc096490N.exe
2496	Unicorn-5503.exe
2480	Unicorn-6619.exe
804	Unicorn-43931.exe
2712	Unicorn-56479.exe
2752	Unicorn-5887.exe
2676	Unicorn-41989.exe
2680	Unicorn-64647.exe
1968	Unicorn-52286.exe
2612	Unicorn-50703.exe
1096	Unicorn-31674.exe
2080	Unicorn-25955.exe
2476	Unicorn-61030.exe
2536	Unicorn-26220.exe
1868	Unicorn-6354.exe
1876	Unicorn-54900.exe
2880	Unicorn-57413.exe
1072	Unicorn-55830.exe
2928	Unicorn-22603.exe
2952	Unicorn-14434.exe
2144	Unicorn-10158.exe
1808	Unicorn-53692.exe
1060	Unicorn-4028.exe
956	Unicorn-8020.exe
2920	Unicorn-1228.exe
2412	Unicorn-51667.exe
2180	Unicorn-57797.exe
2400	Unicorn-6385.exe
1712	Unicorn-20849.exe
1520	Unicorn-20849.exe
3012	Unicorn-7205.exe
680	Unicorn-31202.exe
872	Unicorn-45492.exe
2464	Unicorn-52198.exe
2460	Unicorn-38362.exe
1596	Unicorn-45976.exe
2732	Unicorn-2897.exe
2964	Unicorn-9027.exe
2796	Unicorn-42254.exe
2704	Unicorn-19142.exe
2788	Unicorn-64834.exe
3052	Unicorn-14242.exe
2576	Unicorn-44969.exe
2620	Unicorn-17580.exe
2684	Unicorn-62431.exe
2716	Unicorn-62696.exe
2544	Unicorn-17580.exe
2328	Unicorn-31513.exe
784	Unicorn-28870.exe
1912	Unicorn-11357.exe
2324	Unicorn-24932.exe
1132	Unicorn-28270.exe
2840	Unicorn-28270.exe
3044	Unicorn-19910.exe
2868	Unicorn-13779.exe
1896	Unicorn-44.exe
2236	Unicorn-17777.exe
1960	Unicorn-28654.exe
1496	Unicorn-38960.exe
696	Unicorn-62295.exe
1952	Unicorn-59188.exe
2524	Unicorn-36883.exe
1340	Unicorn-47574.exe
2232	Unicorn-26215.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2496	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	30
PID 1804 wrote to memory of 2496	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	30
PID 1804 wrote to memory of 2496	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	30
PID 1804 wrote to memory of 2496	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	30
PID 2496 wrote to memory of 2480	2496	Unicorn-5503.exe	32
PID 2496 wrote to memory of 2480	2496	Unicorn-5503.exe	32
PID 2496 wrote to memory of 2480	2496	Unicorn-5503.exe	32
PID 2496 wrote to memory of 2480	2496	Unicorn-5503.exe	32
PID 1804 wrote to memory of 804	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	33
PID 1804 wrote to memory of 804	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	33
PID 1804 wrote to memory of 804	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	33
PID 1804 wrote to memory of 804	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	33
PID 2480 wrote to memory of 2680	2480	Unicorn-6619.exe	34
PID 2480 wrote to memory of 2680	2480	Unicorn-6619.exe	34
PID 2480 wrote to memory of 2680	2480	Unicorn-6619.exe	34
PID 2480 wrote to memory of 2680	2480	Unicorn-6619.exe	34
PID 2496 wrote to memory of 2752	2496	Unicorn-5503.exe	35
PID 2496 wrote to memory of 2752	2496	Unicorn-5503.exe	35
PID 2496 wrote to memory of 2752	2496	Unicorn-5503.exe	35
PID 2496 wrote to memory of 2752	2496	Unicorn-5503.exe	35
PID 1804 wrote to memory of 2676	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	36
PID 1804 wrote to memory of 2676	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	36
PID 1804 wrote to memory of 2676	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	36
PID 1804 wrote to memory of 2676	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	36
PID 804 wrote to memory of 2712	804	Unicorn-43931.exe	37
PID 804 wrote to memory of 2712	804	Unicorn-43931.exe	37
PID 804 wrote to memory of 2712	804	Unicorn-43931.exe	37
PID 804 wrote to memory of 2712	804	Unicorn-43931.exe	37
PID 2712 wrote to memory of 1968	2712	Unicorn-56479.exe	38
PID 2712 wrote to memory of 1968	2712	Unicorn-56479.exe	38
PID 2712 wrote to memory of 1968	2712	Unicorn-56479.exe	38
PID 2712 wrote to memory of 1968	2712	Unicorn-56479.exe	38
PID 804 wrote to memory of 2612	804	Unicorn-43931.exe	39
PID 804 wrote to memory of 2612	804	Unicorn-43931.exe	39
PID 804 wrote to memory of 2612	804	Unicorn-43931.exe	39
PID 804 wrote to memory of 2612	804	Unicorn-43931.exe	39
PID 2680 wrote to memory of 1096	2680	Unicorn-64647.exe	40
PID 2680 wrote to memory of 1096	2680	Unicorn-64647.exe	40
PID 2680 wrote to memory of 1096	2680	Unicorn-64647.exe	40
PID 2680 wrote to memory of 1096	2680	Unicorn-64647.exe	40
PID 1804 wrote to memory of 2080	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	41
PID 1804 wrote to memory of 2080	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	41
PID 1804 wrote to memory of 2080	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	41
PID 1804 wrote to memory of 2080	1804	edaec5458a2a2a4027e82c5cfc096490N.exe	41
PID 2752 wrote to memory of 2476	2752	Unicorn-5887.exe	42
PID 2752 wrote to memory of 2476	2752	Unicorn-5887.exe	42
PID 2752 wrote to memory of 2476	2752	Unicorn-5887.exe	42
PID 2752 wrote to memory of 2476	2752	Unicorn-5887.exe	42
PID 2676 wrote to memory of 2536	2676	Unicorn-41989.exe	45
PID 2676 wrote to memory of 2536	2676	Unicorn-41989.exe	45
PID 2676 wrote to memory of 2536	2676	Unicorn-41989.exe	45
PID 2676 wrote to memory of 2536	2676	Unicorn-41989.exe	45
PID 2496 wrote to memory of 1876	2496	Unicorn-5503.exe	44
PID 2496 wrote to memory of 1876	2496	Unicorn-5503.exe	44
PID 2496 wrote to memory of 1876	2496	Unicorn-5503.exe	44
PID 2496 wrote to memory of 1876	2496	Unicorn-5503.exe	44
PID 2480 wrote to memory of 1868	2480	Unicorn-6619.exe	43
PID 2480 wrote to memory of 1868	2480	Unicorn-6619.exe	43
PID 2480 wrote to memory of 1868	2480	Unicorn-6619.exe	43
PID 2480 wrote to memory of 1868	2480	Unicorn-6619.exe	43
PID 2080 wrote to memory of 2880	2080	Unicorn-25955.exe	46
PID 2080 wrote to memory of 2880	2080	Unicorn-25955.exe	46
PID 2080 wrote to memory of 2880	2080	Unicorn-25955.exe	46
PID 2080 wrote to memory of 2880	2080	Unicorn-25955.exe	46

C:\Users\Admin\AppData\Local\Temp\edaec5458a2a2a4027e82c5cfc096490N.exe
"C:\Users\Admin\AppData\Local\Temp\edaec5458a2a2a4027e82c5cfc096490N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5503.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5503.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53943.exe
        8⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        8⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        7⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17366.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe
        7⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61584.exe
        6⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        6⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60420.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55830.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24766.exe
        8⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31719.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3018.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35385.exe
        7⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
        7⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
        6⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
        7⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
        6⤵
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13779.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46437.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        6⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        5⤵
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44167.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
        5⤵
        
        PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe
        8⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1731.exe
        7⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        6⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40640.exe
        6⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        6⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        6⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        7⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        7⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        7⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        6⤵
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15428.exe
        6⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        6⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        6⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        6⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        6⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2872.exe
        5⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11463.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        5⤵
        
        PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        6⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33046.exe
        7⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        6⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
        6⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
        6⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11584.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33046.exe
        5⤵
        
        PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        5⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        5⤵
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        5⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        5⤵
        
        PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
      4⤵
      PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
      4⤵
      PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
      4⤵
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48610.exe
      4⤵
      PID:4288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe
        7⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        7⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        6⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51653.exe
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        6⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42437.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        6⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
        5⤵
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3523.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
        5⤵
        
        PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        5⤵
        
        PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18512.exe
        5⤵
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
        5⤵
        
        PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27808.exe
      4⤵
      PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
      4⤵
      PID:392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
      4⤵
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36538.exe
      4⤵
      PID:4760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
        6⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        6⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54577.exe
        6⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
        5⤵
        
        PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
      4⤵
      PID:4976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6385.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
        5⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        5⤵
        
        PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
      4⤵
      PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
      4⤵
      PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31384.exe
      4⤵
      PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
      4⤵
      PID:4788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8887.exe
      4⤵
      PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
      4⤵
      PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
      4⤵
      PID:4296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15326.exe
    3⤵
    PID:2344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
    3⤵
    PID:3204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19377.exe
    3⤵
    PID:3424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
    3⤵
    PID:3676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
    3⤵
    PID:5004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        7⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        7⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24112.exe
        6⤵
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
        6⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        6⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7205.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
        7⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44061.exe
        6⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
        6⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        5⤵
        
        PID:364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2561.exe
        6⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        6⤵
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        6⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        6⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        6⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27733.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17449.exe
        5⤵
        
        PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        5⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51939.exe
        6⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62295.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
      4⤵
      PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
      4⤵
      PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
      4⤵
      PID:4376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe
        6⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        6⤵
        
        PID:512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        6⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        6⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        6⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        5⤵
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        5⤵
        
        PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31915.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        5⤵
        
        PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38362.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        5⤵
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        5⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
        5⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        5⤵
        
        PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe
      4⤵
      PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43983.exe
      4⤵
      PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
      4⤵
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
      4⤵
      PID:4896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        5⤵
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
        5⤵
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3018.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
      4⤵
      PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
      4⤵
      PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
      4⤵
      PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
      4⤵
      PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
    3⤵
    PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
    3⤵
    PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64260.exe
    3⤵
    PID:3364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
    3⤵
    PID:4000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36538.exe
    3⤵
    PID:4872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41989.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41989.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10158.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe
        6⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        5⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        5⤵
        
        PID:428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
        5⤵
        
        PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3052
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        5⤵
        Program crash
        
        PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
      4⤵
      PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
        5⤵
        
        PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
      4⤵
      PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
      4⤵
      PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
      4⤵
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
      4⤵
      PID:5080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
      4⤵
      PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
      4⤵
      PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
      4⤵
      PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
      4⤵
      PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
      4⤵
      PID:4560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
    3⤵
    PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
    3⤵
    PID:1160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
    3⤵
    PID:3932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52479.exe
      4⤵
      PID:4592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe
    3⤵
    PID:4460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
    3⤵
    PID:4200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25955.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25955.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
      4⤵
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
      4⤵
      PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37585.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
      4⤵
      PID:5060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44969.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48955.exe
      4⤵
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe
      4⤵
      PID:4956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe
    3⤵
    PID:1436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
    3⤵
    PID:1668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
    3⤵
    PID:3328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
    3⤵
    PID:3660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
    3⤵
    PID:4868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1228.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1228.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
      4⤵
      PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62690.exe
      4⤵
      PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
      4⤵
      PID:3880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
    3⤵
    PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61060.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
    3⤵
    PID:3640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
    3⤵
    PID:3812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
    3⤵
    PID:5096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63298.exe
    3⤵
    PID:3500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
    3⤵
    PID:3092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62608.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
    3⤵
    PID:4848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
  2⤵
  PID:3132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14042.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14042.exe
  2⤵
  PID:3156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
  2⤵
  PID:4172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13002.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13002.exe
  2⤵
  PID:4776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe

Filesize
468KB

MD5
360c49000983a2f5b4a3cbe7e3f06653

SHA1
124d7674d7011c140b3773e61f32a5bd41d1d20a

SHA256
525741c007b7ce9c70d910b4ad7dcfffeb64af00c2f87bd7905b727ae9f10f04

SHA512
8a482e2ff2301ceeacf56ea4bc9c3e15a39336f6d4e155c3897787bc46d0e6e6f43520fe8b5e265223f175cc939aa35320a50e9fc6619d2db194503c4712676d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe

Filesize
468KB

MD5
cd838e453cbd8c45e0a3b6b55d48f4dc

SHA1
aa6b8a3856307157b9dbad22dbd22f62d7aff8d4

SHA256
46e4172016a388925c14c23c16b30a0ab07308ed40bfff55633b6ddcf582ad64

SHA512
d8da6a2ea5b8a531d3e365f84cd2a2aceb8cee0d69f20e909986075f046413f62b079eef7b6baff0433925691bf4fa080792f19f7c73fc864f0dee9154e9662b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe

Filesize
468KB

MD5
7c37363058da1cf0d39d7805fabb6dca

SHA1
5c0f66d9c2dccfd09396f0710856477bfcbc479d

SHA256
19fdf81eaa0eca2d5cf2bef687b62611c0c010a2d369e531fe982d295db333b1

SHA512
bc20f2f06dc5bbb0526159045c606ca65fe668779421de784d2a1ed7cdc308af69a7daef71ff656e81d5de9f3fc6633150d7e785f52f2148bf475a295f3350a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25955.exe

Filesize
468KB

MD5
78a6f714c78c346e7c232e7a962f488e

SHA1
9afd3acd7a340622cece9dbb2c99a726e0e1bac2

SHA256
7ac96f089f1c1c3cdb009be8896e1e794165850348e336c3e4f738ceb4fa3555

SHA512
a74961f30f3e4408fec7e179584670cf6662f329475a4158f3125421bc20628dd8730d47931cb30dad7c9f8dc1cd5475fec6fac117b1b2fc66dcb6aa94ed791a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe

Filesize
468KB

MD5
4c8e40861b97a1c5a04602297aeb18a0

SHA1
ef91aac76fb72581ab80bb533cece4f0ce2c32fb

SHA256
f07b0c786b2dbbb43dbadbb1905ec3f3af3f94987aaf8a1fbc60edef36b0a3a8

SHA512
e2ad24123a44d92c34db7000f4fa057363afe437ba301baf6cd3ae860e94a581b4975e9ce8afc044e147709e8b2c17184c9b133732e88318be37aa51166f691b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe

Filesize
468KB

MD5
7602aebc7c0509b26cdbcd54ac7450d2

SHA1
4438e2490b5758225f071e667a1bff369957896b

SHA256
31668ca2b8b01db0a5901367372223f2abac2109bf5dd22438b359b2c51897b2

SHA512
5662c61525f1cdf9d6ce62a37a5e8ea9abd76ca744982fa35e0db476b479b0052ae8df5798519561ae893bd47cd077a9475c641ecb9bf36dc346771f1174c5a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe

Filesize
468KB

MD5
6010baef424c97d8c54aea02d9bfdbae

SHA1
006923322ef57ddd0fa9f55906be8709951dd7ec

SHA256
12d03ed810b5e3669ccb7ec56f5a467de735d3fb4c1ff03ebe9d605ccbde484c

SHA512
5201d2eaf2d0cdf7126924b48bfb9a03ffcb6fa61e00ec470d81ddff804945049326d5b353dcdd8077f18a4f4a517ac5ba206f5b94dd648f52148823209c5628

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe

Filesize
468KB

MD5
1a2fc50d56838f604665e9aa434111b8

SHA1
6ab9ce9a1ca1f608ca2476fcfd225686271bf25b

SHA256
e2dcf594487004225b3ef0833e4c68a974e00f5115f643e93abb7832d6560131

SHA512
ecaa0949bd5681a702380444c0a200508ecf498d7e94de2e897d84a81819b9ef1680e1cc7b65fb18cf3a4f125c0d164f1123b2b563a93fe6ed4469a0580c5ca4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe

Filesize
468KB

MD5
af9fd3d34af4fa183a91ad8768fb3746

SHA1
1a7e727f592a30fd3e812106afcaf8bf24508feb

SHA256
3fee9228a42406c9e0fba9959850740110adf19c8407d86f6e773b6a72eb7724

SHA512
25fd335aa06d9ca0ffc7780ba870a0abcb992b043a49dae19f9a02b6990b9bb40736bc6aa5e57c448c33ba74cdf1c768201ce0983330642ff2a7f5477965bf92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe

Filesize
468KB

MD5
23b0c22f25e7ea55752172929f1d9d5d

SHA1
6211f304a4e0bb4cb88d87e0dd42f02ac19a17c0

SHA256
645633649736d8723bb018e4dc679f88f127183715f582039b25ca3b955d0c39

SHA512
94ae0ffcc5e2f96348db2019592291e2edb76a2d9e1a85625d40302abe190505533edb2a9b7d59a05ae4fb7758e510e0eec5ba30d47c297a2e919a938c05318f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41989.exe

Filesize
468KB

MD5
97a133a025f7ff3c147ae2e6705db4c1

SHA1
8b4db7d865850dd2ca010930049bcc1bbc26ef21

SHA256
14264756e2bb8c19f959f5f9f6185cbb3b9f051acda8f2029ed12687a5de0e93

SHA512
2429e94e366b56076fa3110986f6a4071f2bd5759e8bb136351a153c0abe3c19e6a31319b55c0f06b937c06d5da0a670c1c40ba1b157ab62dc3487291df37d45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe

Filesize
468KB

MD5
345af3e4adc8a93218bb4c0168270306

SHA1
cb5fcd1c4b760abb87f778db198ad4427f24b3cb

SHA256
b55aaa91438a4ad49e495263f4893e138945807ed45f1d85f9a57c0e6ccdae2f

SHA512
8278332471597a6d6046d7a99d19e11d04e5efa25051d51ad2d45db6ebbe3163ef8f3324a01f3d222b89bdd46cb1307b06756e863574941fa570844534d38e59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe

Filesize
468KB

MD5
614028f216e9e88f862d13d779108a8b

SHA1
d97a64c250f78634c7ff338f4c97365e9428349c

SHA256
efbe6521842f2376e0b1ce2dea4b3dd6064beca889583662e8d41ecf902de184

SHA512
61626865b5fcbcee4d8a1ed6859993993eb6a19f30fbf5afa128a908df8ba64cca4fc40f04ea617995d3f165ae73a78451ae9abcc79c659d6aa1b7ab5616224e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe

Filesize
468KB

MD5
3c56bf5f867e601070b164dadae75356

SHA1
a5ff4af106f43d337436452007c5c4e505afeb88

SHA256
783b2dee604fa120df7b9a99cc586b4c87159145ba173ba73d45c51270332c5a

SHA512
72a4646eab4bfa925b1e57de173f8f46562882f53b92b07004662c2a2e5d784b521e9ad69135ab1c7f4f1785327a9871c7632120f50d4cc54d9eee84cb652eeb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5503.exe

Filesize
468KB

MD5
f5b16341c0dc371fe6732d2bc28491e5

SHA1
8de8b423a44e36f9d305bd17de4a7f8c36fb9e37

SHA256
f76a544b6b0dea9bfd4fcdbdf3c581e653b3cf4f21441225ebd4d4168a717aa6

SHA512
d7ceb1b05d954dbaf52e8098d047be907bd13cc0afb613d3c8959079a3121ddcd81ba377f87bfd472839cb7caea8908a32833f98b255a80271621aa1d27c1a9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe

Filesize
468KB

MD5
e7f448ac3492d7470f4ec5d5f1182d6c

SHA1
67db1b22059c19f4a479ec54fc03f3acedb0d0be

SHA256
983db2a0d1dc9b8e28cb21fb2909f51c65c0ab7ba36528559c6ae68e2529632d

SHA512
c4210096a14114287e6036b2c8137b8634b0aee2a664d8331290075378daceae00e523f7d4785bd15a2a3c7fc1a0ce70605d3c0b32ebcfedf8f955a9011bdc60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe

Filesize
468KB

MD5
8642b49212350a156a9f6635833a4794

SHA1
0c070e7d44c6bc33e62b02dbe0935b6f0e0ea5f8

SHA256
614556fcf60177c87c79e2608fd208d3c888b89ecd4ed6ff5b26ae53128c1d6e

SHA512
8eb72f24e2b2e59d99a28d46ca433664b70c37e704f2abd8ec6040fb01ea24763559b27f08ab3c5694cbef2544dbcf8add8a5be528a736cb67cc415e0de5c39e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe

Filesize
468KB

MD5
81a93dbcafd86a30e6627315bd5bf808

SHA1
9e8c86d5b8ebc6cc385a851cb1c3217fb2d31441

SHA256
9b8d8f39185a65476fe287d2dad7e488e85c78b0baef9a9c8faea9298b1ed7db

SHA512
32884645017c3a6f9253a8662649f9a9abfc0f33f6933c4cd8473b3f86e7139f9b18a7ce8c9482c0c03f3e77025e2b09498e16e93e7a17993c5614e7a7993b21

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe

Filesize
468KB

MD5
63332ef8e47b19d045a16d83bac7d753

SHA1
055f5ba229f4c883eff02026eee74bf5219c68ea

SHA256
a9224ccd833e66ed6fb5139f6876a45cdf8fed250e27b2f67bda7bbe5d8766b6

SHA512
b65aeb234afa84179a19ec102e0e2c932e2453e1a5b3e021b84b44f2c28e1625e001040705425dabd49c2e18c95337594d005cf6b5213112d791d42a6abb13e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe

Filesize
468KB

MD5
4aecd4c0f7f8cac72274573bccc0c8d0

SHA1
29fad306bb38bb4ae61f510ac756577595ff46c1

SHA256
b4a7fe3605049247048552a0b0565fff66355ac0475b903ffd4559f3a5e7ac82

SHA512
5be38ad9ba2e8c206c8158f9b708ef4e9865d8f949694cf1ffb1f2031a6053b5d93a24f5c46feb1cc1e4807cf4c4cb0ebd86c5a9fa96203a71ab1e72c00e7e04

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe

Filesize
468KB

MD5
aa4a90f97a4ae63e9155a7328b41c1c5

SHA1
ee1e07dec86e8ecd70c18319888fbe3f353ad63f

SHA256
f323ed3052e27e0dd0fbfccd670dbbaa90926a14dd73e6864c18ae57342f4221

SHA512
e23eab45baa4f761fb7333277cd9851ecddd9429d9a5e919f827b989735d5506435ec1efef12ed2dc6bffa24ded68c17843c26f1fdadbc7072b8f7968e2197be

Download Submit