e17957a0031f937aa6eff0e7b07d997b855554df10a17d9aa488c8ceb95f7273

Analysis

max time kernel
120s
max time network
15s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ad673bbed227f09af614d6edf9661f0N.exe
Size

468KB
MD5

5ad673bbed227f09af614d6edf9661f0
SHA1

73a0ce76fc6672a3972c82ecd19754ed5f9b662f
SHA256

e17957a0031f937aa6eff0e7b07d997b855554df10a17d9aa488c8ceb95f7273
SHA512

d23aa520bfe2eb6b3381ac0dacb2ac0b4bbb8d98f8450ed3c74b0ab1ee166aa9c9c55913316bedd09e7c1763509bfe8c2c067626ce35bf9a29531c4187898654
SSDEEP

3072:/JvCo3ldI03YtbYIPzkjNfT/rChagIpjn1HCOVLD0bwLmWxESlle:/J6oMOYt3PAjNfQ0g20b6txES

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2480	Unicorn-45045.exe
2840	Unicorn-45486.exe
2916	Unicorn-58485.exe
2664	Unicorn-36052.exe
2768	Unicorn-25397.exe
2632	Unicorn-37287.exe
2648	Unicorn-64021.exe
1748	Unicorn-42077.exe
2056	Unicorn-32107.exe
2544	Unicorn-43037.exe
1832	Unicorn-52558.exe
1692	Unicorn-55543.exe
2876	Unicorn-9871.exe
1060	Unicorn-44391.exe
1284	Unicorn-9085.exe
3036	Unicorn-53413.exe
2216	Unicorn-40798.exe
2160	Unicorn-30143.exe
2212	Unicorn-27926.exe
1452	Unicorn-24737.exe
2328	Unicorn-24929.exe
2204	Unicorn-65199.exe
756	Unicorn-26849.exe
2320	Unicorn-6983.exe
2148	Unicorn-12742.exe
1824	Unicorn-18873.exe
1992	Unicorn-30994.exe
1080	Unicorn-34524.exe
960	Unicorn-34451.exe
2420	Unicorn-26084.exe
1464	Unicorn-32215.exe
556	Unicorn-32215.exe
1564	Unicorn-29069.exe
1596	Unicorn-6750.exe
1552	Unicorn-24439.exe
2740	Unicorn-22402.exe
2788	Unicorn-12624.exe
2784	Unicorn-16154.exe
2080	Unicorn-56609.exe
3000	Unicorn-201.exe
2684	Unicorn-61057.exe
2752	Unicorn-40274.exe
2908	Unicorn-15504.exe
1656	Unicorn-56802.exe
1896	Unicorn-40466.exe
2548	Unicorn-5307.exe
2556	Unicorn-48915.exe
2400	Unicorn-17005.exe
2440	Unicorn-17005.exe
2552	Unicorn-64788.exe
2344	Unicorn-50947.exe
1684	Unicorn-57077.exe
1196	Unicorn-59215.exe
2396	Unicorn-53808.exe
2256	Unicorn-61976.exe
2284	Unicorn-4607.exe
2448	Unicorn-53808.exe
1460	Unicorn-53808.exe
2340	Unicorn-37472.exe
2592	Unicorn-29304.exe
968	Unicorn-61794.exe
696	Unicorn-26241.exe
588	Unicorn-18073.exe
1264	Unicorn-42852.exe

Loads dropped DLL 64 IoCs

pid	Process
2104	5ad673bbed227f09af614d6edf9661f0N.exe
2104	5ad673bbed227f09af614d6edf9661f0N.exe
2104	5ad673bbed227f09af614d6edf9661f0N.exe
2480	Unicorn-45045.exe
2104	5ad673bbed227f09af614d6edf9661f0N.exe
2480	Unicorn-45045.exe
2840	Unicorn-45486.exe
2840	Unicorn-45486.exe
2480	Unicorn-45045.exe
2480	Unicorn-45045.exe
2916	Unicorn-58485.exe
2104	5ad673bbed227f09af614d6edf9661f0N.exe
2916	Unicorn-58485.exe
2104	5ad673bbed227f09af614d6edf9661f0N.exe
2664	Unicorn-36052.exe
2664	Unicorn-36052.exe
2840	Unicorn-45486.exe
2840	Unicorn-45486.exe
2768	Unicorn-25397.exe
2768	Unicorn-25397.exe
2480	Unicorn-45045.exe
2480	Unicorn-45045.exe
2916	Unicorn-58485.exe
2632	Unicorn-37287.exe
2916	Unicorn-58485.exe
2632	Unicorn-37287.exe
2104	5ad673bbed227f09af614d6edf9661f0N.exe
2104	5ad673bbed227f09af614d6edf9661f0N.exe
1748	Unicorn-42077.exe
1748	Unicorn-42077.exe
2664	Unicorn-36052.exe
2664	Unicorn-36052.exe
2056	Unicorn-32107.exe
2056	Unicorn-32107.exe
2648	Unicorn-64021.exe
2648	Unicorn-64021.exe
2840	Unicorn-45486.exe
2840	Unicorn-45486.exe
2876	Unicorn-9871.exe
1060	Unicorn-44391.exe
1060	Unicorn-44391.exe
2876	Unicorn-9871.exe
2104	5ad673bbed227f09af614d6edf9661f0N.exe
2104	5ad673bbed227f09af614d6edf9661f0N.exe
1692	Unicorn-55543.exe
2632	Unicorn-37287.exe
2632	Unicorn-37287.exe
1692	Unicorn-55543.exe
2916	Unicorn-58485.exe
2544	Unicorn-43037.exe
2916	Unicorn-58485.exe
2544	Unicorn-43037.exe
2768	Unicorn-25397.exe
2768	Unicorn-25397.exe
1832	Unicorn-52558.exe
1832	Unicorn-52558.exe
2480	Unicorn-45045.exe
2480	Unicorn-45045.exe
2664	Unicorn-36052.exe
2664	Unicorn-36052.exe
1284	Unicorn-9085.exe
3036	Unicorn-53413.exe
1284	Unicorn-9085.exe
3036	Unicorn-53413.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1620	2592	WerFault.exe	88

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24929.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2104	5ad673bbed227f09af614d6edf9661f0N.exe
2480	Unicorn-45045.exe
2840	Unicorn-45486.exe
2916	Unicorn-58485.exe
2664	Unicorn-36052.exe
2768	Unicorn-25397.exe
2632	Unicorn-37287.exe
2648	Unicorn-64021.exe
1748	Unicorn-42077.exe
2056	Unicorn-32107.exe
1832	Unicorn-52558.exe
2544	Unicorn-43037.exe
2876	Unicorn-9871.exe
1692	Unicorn-55543.exe
1060	Unicorn-44391.exe
1284	Unicorn-9085.exe
3036	Unicorn-53413.exe
2216	Unicorn-40798.exe
2160	Unicorn-30143.exe
2212	Unicorn-27926.exe
2204	Unicorn-65199.exe
1452	Unicorn-24737.exe
2328	Unicorn-24929.exe
2320	Unicorn-6983.exe
756	Unicorn-26849.exe
2148	Unicorn-12742.exe
1824	Unicorn-18873.exe
1080	Unicorn-34524.exe
960	Unicorn-34451.exe
1992	Unicorn-30994.exe
2420	Unicorn-26084.exe
556	Unicorn-32215.exe
1464	Unicorn-32215.exe
1564	Unicorn-29069.exe
1596	Unicorn-6750.exe
1552	Unicorn-24439.exe
2740	Unicorn-22402.exe
2784	Unicorn-16154.exe
2788	Unicorn-12624.exe
3000	Unicorn-201.exe
2080	Unicorn-56609.exe
2684	Unicorn-61057.exe
2440	Unicorn-17005.exe
2752	Unicorn-40274.exe
2908	Unicorn-15504.exe
2400	Unicorn-17005.exe
1656	Unicorn-56802.exe
1896	Unicorn-40466.exe
2548	Unicorn-5307.exe
2552	Unicorn-64788.exe
2556	Unicorn-48915.exe
1684	Unicorn-57077.exe
2344	Unicorn-50947.exe
1196	Unicorn-59215.exe
2340	Unicorn-37472.exe
2396	Unicorn-53808.exe
2448	Unicorn-53808.exe
2592	Unicorn-29304.exe
2256	Unicorn-61976.exe
1460	Unicorn-53808.exe
2284	Unicorn-4607.exe
968	Unicorn-61794.exe
696	Unicorn-26241.exe
588	Unicorn-18073.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2480	2104	5ad673bbed227f09af614d6edf9661f0N.exe	29
PID 2104 wrote to memory of 2480	2104	5ad673bbed227f09af614d6edf9661f0N.exe	29
PID 2104 wrote to memory of 2480	2104	5ad673bbed227f09af614d6edf9661f0N.exe	29
PID 2104 wrote to memory of 2480	2104	5ad673bbed227f09af614d6edf9661f0N.exe	29
PID 2480 wrote to memory of 2840	2480	Unicorn-45045.exe	30
PID 2480 wrote to memory of 2840	2480	Unicorn-45045.exe	30
PID 2480 wrote to memory of 2840	2480	Unicorn-45045.exe	30
PID 2480 wrote to memory of 2840	2480	Unicorn-45045.exe	30
PID 2104 wrote to memory of 2916	2104	5ad673bbed227f09af614d6edf9661f0N.exe	31
PID 2104 wrote to memory of 2916	2104	5ad673bbed227f09af614d6edf9661f0N.exe	31
PID 2104 wrote to memory of 2916	2104	5ad673bbed227f09af614d6edf9661f0N.exe	31
PID 2104 wrote to memory of 2916	2104	5ad673bbed227f09af614d6edf9661f0N.exe	31
PID 2840 wrote to memory of 2664	2840	Unicorn-45486.exe	32
PID 2840 wrote to memory of 2664	2840	Unicorn-45486.exe	32
PID 2840 wrote to memory of 2664	2840	Unicorn-45486.exe	32
PID 2840 wrote to memory of 2664	2840	Unicorn-45486.exe	32
PID 2480 wrote to memory of 2768	2480	Unicorn-45045.exe	33
PID 2480 wrote to memory of 2768	2480	Unicorn-45045.exe	33
PID 2480 wrote to memory of 2768	2480	Unicorn-45045.exe	33
PID 2480 wrote to memory of 2768	2480	Unicorn-45045.exe	33
PID 2916 wrote to memory of 2632	2916	Unicorn-58485.exe	34
PID 2916 wrote to memory of 2632	2916	Unicorn-58485.exe	34
PID 2916 wrote to memory of 2632	2916	Unicorn-58485.exe	34
PID 2916 wrote to memory of 2632	2916	Unicorn-58485.exe	34
PID 2104 wrote to memory of 2648	2104	5ad673bbed227f09af614d6edf9661f0N.exe	35
PID 2104 wrote to memory of 2648	2104	5ad673bbed227f09af614d6edf9661f0N.exe	35
PID 2104 wrote to memory of 2648	2104	5ad673bbed227f09af614d6edf9661f0N.exe	35
PID 2104 wrote to memory of 2648	2104	5ad673bbed227f09af614d6edf9661f0N.exe	35
PID 2664 wrote to memory of 1748	2664	Unicorn-36052.exe	36
PID 2664 wrote to memory of 1748	2664	Unicorn-36052.exe	36
PID 2664 wrote to memory of 1748	2664	Unicorn-36052.exe	36
PID 2664 wrote to memory of 1748	2664	Unicorn-36052.exe	36
PID 2840 wrote to memory of 2056	2840	Unicorn-45486.exe	37
PID 2840 wrote to memory of 2056	2840	Unicorn-45486.exe	37
PID 2840 wrote to memory of 2056	2840	Unicorn-45486.exe	37
PID 2840 wrote to memory of 2056	2840	Unicorn-45486.exe	37
PID 2768 wrote to memory of 2544	2768	Unicorn-25397.exe	38
PID 2768 wrote to memory of 2544	2768	Unicorn-25397.exe	38
PID 2768 wrote to memory of 2544	2768	Unicorn-25397.exe	38
PID 2768 wrote to memory of 2544	2768	Unicorn-25397.exe	38
PID 2480 wrote to memory of 1832	2480	Unicorn-45045.exe	39
PID 2480 wrote to memory of 1832	2480	Unicorn-45045.exe	39
PID 2480 wrote to memory of 1832	2480	Unicorn-45045.exe	39
PID 2480 wrote to memory of 1832	2480	Unicorn-45045.exe	39
PID 2916 wrote to memory of 1692	2916	Unicorn-58485.exe	40
PID 2916 wrote to memory of 1692	2916	Unicorn-58485.exe	40
PID 2916 wrote to memory of 1692	2916	Unicorn-58485.exe	40
PID 2916 wrote to memory of 1692	2916	Unicorn-58485.exe	40
PID 2632 wrote to memory of 2876	2632	Unicorn-37287.exe	41
PID 2632 wrote to memory of 2876	2632	Unicorn-37287.exe	41
PID 2632 wrote to memory of 2876	2632	Unicorn-37287.exe	41
PID 2632 wrote to memory of 2876	2632	Unicorn-37287.exe	41
PID 2104 wrote to memory of 1060	2104	5ad673bbed227f09af614d6edf9661f0N.exe	42
PID 2104 wrote to memory of 1060	2104	5ad673bbed227f09af614d6edf9661f0N.exe	42
PID 2104 wrote to memory of 1060	2104	5ad673bbed227f09af614d6edf9661f0N.exe	42
PID 2104 wrote to memory of 1060	2104	5ad673bbed227f09af614d6edf9661f0N.exe	42
PID 1748 wrote to memory of 1284	1748	Unicorn-42077.exe	43
PID 1748 wrote to memory of 1284	1748	Unicorn-42077.exe	43
PID 1748 wrote to memory of 1284	1748	Unicorn-42077.exe	43
PID 1748 wrote to memory of 1284	1748	Unicorn-42077.exe	43
PID 2664 wrote to memory of 3036	2664	Unicorn-36052.exe	44
PID 2664 wrote to memory of 3036	2664	Unicorn-36052.exe	44
PID 2664 wrote to memory of 3036	2664	Unicorn-36052.exe	44
PID 2664 wrote to memory of 3036	2664	Unicorn-36052.exe	44

C:\Users\Admin\AppData\Local\Temp\5ad673bbed227f09af614d6edf9661f0N.exe
"C:\Users\Admin\AppData\Local\Temp\5ad673bbed227f09af614d6edf9661f0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45045.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45045.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        9⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9785.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        9⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4789.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        7⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
        7⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        7⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8209.exe
        8⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
        7⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        6⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
        7⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        6⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        6⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29548.exe
        8⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        9⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        9⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe
        9⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37321.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33226.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        8⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        8⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58755.exe
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        7⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
        6⤵
        Executes dropped EXE
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
        7⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1420.exe
        6⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42276.exe
        6⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
        7⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        7⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
        7⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
        6⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        6⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19538.exe
        6⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        6⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        6⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        5⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        5⤵
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61441.exe
        5⤵
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        7⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39857.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
        7⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        6⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        6⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        6⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52077.exe
        6⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
        6⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
        6⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        5⤵
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3605.exe
        5⤵
        
        PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40274.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
        6⤵
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        6⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
        6⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        5⤵
        
        PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        5⤵
        
        PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1531.exe
      4⤵
      PID:600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
      4⤵
      PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37587.exe
      4⤵
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
      4⤵
      PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18873.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-201.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21546.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        7⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14171.exe
        6⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33169.exe
        6⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
        6⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        5⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        5⤵
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30994.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        6⤵
        Program crash
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
        5⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
        5⤵
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        5⤵
        
        PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
      4⤵
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
        5⤵
        
        PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
      4⤵
      PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
      4⤵
      PID:4852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34524.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56802.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19569.exe
        6⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
        7⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        7⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
        6⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
        6⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        5⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
        6⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        6⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        5⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39825.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        5⤵
        
        PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        5⤵
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
        5⤵
        
        PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
      4⤵
      PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
      4⤵
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
      4⤵
      PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        5⤵
        
        PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        5⤵
        
        PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
      4⤵
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
      4⤵
      PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14985.exe
      4⤵
      PID:4080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
      4⤵
      PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
      4⤵
      PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
      4⤵
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
    3⤵
    PID:676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37311.exe
    3⤵
    PID:816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
    3⤵
    PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23059.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
    3⤵
    PID:4196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58485.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58485.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        7⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47363.exe
        6⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
        6⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
        6⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1420.exe
        5⤵
        
        PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58907.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        5⤵
        
        PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6983.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57187.exe
        6⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43318.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        6⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
        6⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        5⤵
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        5⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        5⤵
        
        PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        5⤵
        
        PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
      4⤵
      PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
      4⤵
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
      4⤵
      PID:4160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55543.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61836.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37321.exe
        6⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        6⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
        5⤵
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe
        5⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34653.exe
        5⤵
        
        PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18073.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1420.exe
      4⤵
      PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
      4⤵
      PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
      4⤵
      PID:4524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
        5⤵
        
        PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
        5⤵
        
        PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
      4⤵
      PID:456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
        5⤵
        
        PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
      4⤵
      PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40518.exe
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
      4⤵
      PID:576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
      4⤵
      PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
      4⤵
      PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe
      4⤵
      PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
      4⤵
      PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
      4⤵
      PID:4820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55324.exe
    3⤵
    PID:3012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
    3⤵
    PID:2828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1556.exe
    3⤵
    PID:3332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4789.exe
        5⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
        5⤵
        
        PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
      4⤵
      PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
      4⤵
      PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
      4⤵
      PID:5012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24439.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48251.exe
      4⤵
      PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52195.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
      4⤵
      PID:4244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10196.exe
    3⤵
    PID:1952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
    3⤵
    PID:1680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe
    3⤵
    PID:4124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47611.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24737.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        5⤵
        
        PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
      4⤵
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
      4⤵
      PID:4776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
    3⤵
    PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19438.exe
      4⤵
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
      4⤵
      PID:848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
      4⤵
      PID:4624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1420.exe
    3⤵
    PID:2124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
    3⤵
    PID:3728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
    3⤵
    PID:3396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16154.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12028.exe
      4⤵
      PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18829.exe
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5875.exe
        5⤵
        
        PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
      4⤵
      PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
    3⤵
    PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
    3⤵
    PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
    3⤵
    PID:3736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
    3⤵
    PID:3564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
    3⤵
    PID:2476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
    3⤵
    PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
    3⤵
    PID:3656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
    3⤵
    PID:3876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
    3⤵
    PID:4288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63684.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63684.exe
  2⤵
  PID:2892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
  2⤵
  PID:3540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
  2⤵
  PID:4108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
  2⤵
  PID:1200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14985.exe

Filesize
468KB

MD5
15a4676e7b541e1a6efe479dac342096

SHA1
e67b675ea8f22f870cdd61f488259272f3ed996c

SHA256
5617af27580e8049949e096cdcd13abfad78aea9052badef00d1cb50a551da50

SHA512
7712dc685d985346988100aee266249657adea184f8182c6c8ef47d5e6e5e47c619114d1fcefbdfa9def6f0a0dff721d181b9766a9d13a9e859f7384b92b5efd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe

Filesize
468KB

MD5
22ae989252078efd6ad46c68ed8d32f0

SHA1
0164ffc71a40a7e4cdad03c30feb3426ec985af2

SHA256
13a24e20812a5c78d1f7a36dc7c9b3021ef70cbc1660de8f6fce0b28651afe61

SHA512
602d21a410faa4ce3749bd2f4aba85c2a1866ca324ab811861900d5986f7ae18c3f1fb454cb0cab4af1c3c70ed6a7d63a26ef19604bd0d682759948304aca839

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe

Filesize
468KB

MD5
fa37678a5bdaee3d51e1bb52b5f02a1a

SHA1
1c6465daf3dfa49d8f60b94d6a0480d909fec976

SHA256
f5d295ca18a7416d577e44aeb2a67b4806296363cd4862f61f75346a17dae30d

SHA512
8148c41ac1c57a729a4e3d2ec98d402cbdae061dfa4b31416b3f07aec3ed6235e96060faf518adfadb4b8652a30811ac23ef5429331cf1d3a17c7ab2ba1de695

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe

Filesize
468KB

MD5
10e869291bbe618fbc1106356c4971a8

SHA1
b277fdcc30c02ec53fefbd899df93bd77a1b15b5

SHA256
f4db2834140d21e26c0105218f918a8338bd32f1aa0d8bd65408ef8cce3ebf94

SHA512
9abcd2251e2c188e036b2bdb0f0537067b9d360bcf20e777e18f9d80e09f2f8cfdc7a9f11c2cf0129ec4062c1c65c9186fab58c428025e02011ad74800e033d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe

Filesize
468KB

MD5
65b241dfdc8e91c7129f1f531841cf32

SHA1
174fe80832e1a688f9d258558509f0d9ee660d48

SHA256
484282bf9642724d49b438f1489d9d4ae5565c918fece05eedd8d1e862ceaf55

SHA512
b2fb60ef07398d8bc923842b6ca6f3acfdf72cf9067b0ac3a635cbe86176d63f7e8872e71d6cd7e42bd8b5b65d2beda50c9edfa6769ae06fe155c3241177dca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe

Filesize
468KB

MD5
5b404215bac6e2b9385939c1fa574598

SHA1
8bf7a816ab86870cd8066af65403d3ccf162e62a

SHA256
9f374b62372dbe9da779a74fcd27c6899628bfb34eee27393bed94b9bc4b5c72

SHA512
2134144e91e24c7461a7e690b2f3d9b510a6d5668bbb6740253604683e8fb12c8653a6ad5f4ce417717c5a76db07850d4b2ba983ff6929c8ab35bcd1999ed289

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe

Filesize
468KB

MD5
ddc89a9bafc6d7686633a8d25eb9ac32

SHA1
1bfea9246249830b73cf7c14c438a5285f96c342

SHA256
e800e2f531e412ac098bdd77228977cd74c782d8f374d6fb464e7ced7ad6e625

SHA512
f52a5c2f67e0718f0a816e15c98eba3cda9426619e212d13cdeae1dc980b24d150819cfdd9f6c1cb54004442520c3730b96d5cb1498e63a43e95db9aa036dae4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe

Filesize
468KB

MD5
8b81578177b1e57a4ed490b1da26868c

SHA1
c77a48abf34c9c7dba5e24cdbb20d6f43805fa33

SHA256
fc4492eb0ba0e395568e92310c0a4100c2901980dd682a8d4281ac398eb3b58a

SHA512
e23ec7009299717510cab431c336de85e1e49cdc3c52f417229bab78074de99c1c3fa29b768d5f09ee7ebb3165cb10300e9c56def47185c6771ff7830daccb20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe

Filesize
468KB

MD5
5f20924aed6f8ecdc5f223aea109747b

SHA1
cbbf418c47900d31fdc16850991c275a61125815

SHA256
3ebca7858cc2a0241943a3c50834c5ca62c8efbb4f44efef06d3bb6aa6ba0ca5

SHA512
96221b6e541b920a4a3b89b0948af7c6553a47727373801e6755a16d56ce8366a88a17e658aa372a9891bec4f6b925acf758edb56c45e4ca088c0a66088528b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe

Filesize
468KB

MD5
91b0b3443c65521815db985758380eb8

SHA1
bd5a92bb8e9bdb0f6385ec9b2c2fb9ded4f1c3ef

SHA256
5377b8a8f5af4759f0995e71bdc8236e9d1f9b2cb1b4007cd1415481d935c4d3

SHA512
1f0dc901c35a5c8569136505f2071232393db4bfc9a84be7a5011621ca22271a0dec5f267c68eb98e4b02bb20eac35c60494e6e3e26bcdbce4b0540005f13598

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe

Filesize
468KB

MD5
650014c63078fc0e6007bb7a3a6c1765

SHA1
f81b63fc2235c318b7e9786e6603538ab4122c84

SHA256
8d73200dd291e37a21a1d6dbae4fb3fcaf5b24d93e40aecf3cb3faefb9c217cc

SHA512
6d4605b32ad679585a215947a6a893c003dd9061f8815b7370942b89815e30bb2b2039d59e0f76e6383bdc98e6682833dcaeba5e90a88d5ad06a499fca71f4df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe

Filesize
468KB

MD5
c2d7f1de912d9183f2edc6df9b8d1c9c

SHA1
a233d663f79db1cf7888897d69604eea4938fbbb

SHA256
464d48cdd0db724462f68f3ffbd55a4fc21ca62a2da999991aa316449a64435b

SHA512
df6c10ab5740cb82dbda3c01795a7bb8bee6e946856c0e1292a77ff98744c9db0b8d3a785eb5b6812bb2082c3b8f1da43df8374922131e61a785441af5a10e65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe

Filesize
468KB

MD5
fb0aa27a68642546c046a4c851e559a9

SHA1
2001a8e694019afd123f7f2c929a531e15e8b05b

SHA256
2596498bdcc706dc5a413785dc4a33815b1430c7570e2616e931ad606ce80215

SHA512
cb3b03a40eb901a0cff18b9bc59344ae09f979906c6c0c56c24ad7da3026e0c78b8c3cbfa2f23e959ed728e7527019d71f80fb2919226c058f4d02b0064c03ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe

Filesize
468KB

MD5
f813856fd3219f547f8aa0d978c777ab

SHA1
d58b01a834e1190d62bc9c655ee981c33ae6b031

SHA256
f8a38f207fec9da581aade9cdfe064e2a0fba06566011fd02fdd6c14fc052373

SHA512
dcb4bab01f0cc9339d197f0d0be492a819064600e91504912cd3546b5d8436aec158955447ea2a5ee4f72d7a901739285d77ae953c1044e27ec717c3f8e16ff0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45045.exe

Filesize
468KB

MD5
a601c0948835ea013bdb68447213d8ca

SHA1
fdb2ff0f7dc0c3196eb4a40c15611a285bd6d1a0

SHA256
37a91309c98d28d568aa4dda878f4a699169c4d78e9c98f2e8f3ff2187b2d44d

SHA512
e1eb121497126d3ce3de6fe7e4ca2d554f7f72c9605170bf256dfb5ab88923dd37fbd1cd46e9cda5b780aeb36c7c2fd5d056ef6edde4443d1e5305f00a200ad9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55543.exe

Filesize
468KB

MD5
6cfd44863cccdbddaf4a3cf5b6f7070a

SHA1
2d08717cd612beda3b5651fa2000a9d3adf71fe3

SHA256
f86e8ed895ec322b359b061b1116369aa802f7e90f59a8f3fdc60f44ac5cdb79

SHA512
753557f27dfb0d35d18721ff5bbd0101463d89344e1bbbf11222e5f5d82f1d7d43ee8a91cf026337190728c4a3cc232c75e41a4a6e691d407b59bb4a2224c0ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58485.exe

Filesize
468KB

MD5
9fea30e95baa749107df60f3297dc7fb

SHA1
7cb9b3c56d9cc267a81d8f98bead5485aa855ad3

SHA256
4cc2184aa176ffdef4b0200e0aa3d4ed9cb5c8573d8f3cf0b4b3bc4b754e1d58

SHA512
0646e4993f49511fdf066bbfa627709594b67ad1d27085250ae2fd15501fcf3282f7646475bb103f6afdbabf3fcc96e1bf72759ec9e414513557caa3df0be2d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe

Filesize
468KB

MD5
b15da982d9cabc5f31fdc9b5c3bca2e0

SHA1
d620eeb0813ffecac945aa22b5b7813b0f749dfb

SHA256
3f12df5fbbf24a338d63dc170082bea1d3fdff31ccb0cf7b5ad4a00d38fd8aab

SHA512
123201e73f0ac5fa46a12ecd2f7122f67e453c0bb451be68bb39b002582ea1a4cd149871cdfa2f8f2f05a4e2b28d674e6de3105955072b250f480ca778cbd78e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe

Filesize
468KB

MD5
5d46151795393cd1f64a717ae6ba57be

SHA1
44382f0dab24643e0f61233d7bedef6d75615587

SHA256
55da1c8ceaad09071d8d299f75d80a68965fdf5488490de53d62fee627f00ca9

SHA512
63c0c50af1e478e529dd323e23e4d488fba6336cedd2b15fb87c83d66321623473004818ed99e7e8c12f14587fb8c512f8743ad55d4e6b331fa5945b3b4fa363

Download Submit