925da29e048387895c262f16a43116a8da15d6439d728bfb62afb61d1f8c418e

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59d77bdbc9b8c7425ed52e8ddb653210N.exe
Size

468KB
MD5

59d77bdbc9b8c7425ed52e8ddb653210
SHA1

4cb29d1d9d534b1ff7fc6c46a0035e16dabe9dc1
SHA256

925da29e048387895c262f16a43116a8da15d6439d728bfb62afb61d1f8c418e
SHA512

e53f6ef704ad1068a0d5c9179abf9332dab1e0d7c820d3b4b7160f0a1bdea6a8e4d8fd1cea9f56fd63f20987b26bc3f095200e07b49db515ab2f3e9a8c4cddb9
SSDEEP

3072:rhuUogIuIw5UrbYXHzcjrf8/EofC3lpC6FH0pVPTrapkiC8zdse1:rhJo3gUr4H4jrfjj+HraeJ8zd

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
396	Unicorn-40388.exe
2840	Unicorn-18276.exe
2920	Unicorn-13895.exe
2980	Unicorn-11204.exe
2080	Unicorn-36943.exe
2640	Unicorn-52040.exe
2408	Unicorn-25816.exe
2856	Unicorn-44398.exe
2556	Unicorn-40770.exe
2092	Unicorn-27165.exe
1560	Unicorn-10318.exe
2868	Unicorn-62120.exe
1684	Unicorn-16449.exe
972	Unicorn-16449.exe
1064	Unicorn-58275.exe
620	Unicorn-29281.exe
2456	Unicorn-33229.exe
2076	Unicorn-26768.exe
1828	Unicorn-33788.exe
1084	Unicorn-44438.exe
2300	Unicorn-5854.exe
2516	Unicorn-11931.exe
1960	Unicorn-33281.exe
1108	Unicorn-4753.exe
2148	Unicorn-40039.exe
1680	Unicorn-59905.exe
2000	Unicorn-40580.exe
1980	Unicorn-34449.exe
2576	Unicorn-33149.exe
2244	Unicorn-28131.exe
2600	Unicorn-3533.exe
1580	Unicorn-61374.exe
2420	Unicorn-1975.exe
2760	Unicorn-465.exe
2844	Unicorn-465.exe
2780	Unicorn-14200.exe
2636	Unicorn-20331.exe
2116	Unicorn-20331.exe
3028	Unicorn-54373.exe
2944	Unicorn-37876.exe
2804	Unicorn-13244.exe
1456	Unicorn-3379.exe
2796	Unicorn-64604.exe
2548	Unicorn-25653.exe
2028	Unicorn-6052.exe
2552	Unicorn-49571.exe
2344	Unicorn-8595.exe
2892	Unicorn-46465.exe
1060	Unicorn-32729.exe
2732	Unicorn-63835.exe
3044	Unicorn-6596.exe
2360	Unicorn-34804.exe
2284	Unicorn-31034.exe
2256	Unicorn-31034.exe
2436	Unicorn-4810.exe
2164	Unicorn-12079.exe
1044	Unicorn-52490.exe
2016	Unicorn-33797.exe
588	Unicorn-9755.exe
1548	Unicorn-59946.exe
2072	Unicorn-14803.exe
948	Unicorn-11745.exe
1020	Unicorn-63547.exe
1080	Unicorn-8945.exe

Loads dropped DLL 64 IoCs

pid	Process
2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe
2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe
396	Unicorn-40388.exe
2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe
396	Unicorn-40388.exe
2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe
396	Unicorn-40388.exe
2840	Unicorn-18276.exe
2840	Unicorn-18276.exe
396	Unicorn-40388.exe
2920	Unicorn-13895.exe
2920	Unicorn-13895.exe
2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe
2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe
2980	Unicorn-11204.exe
2980	Unicorn-11204.exe
2840	Unicorn-18276.exe
2840	Unicorn-18276.exe
2080	Unicorn-36943.exe
2080	Unicorn-36943.exe
2640	Unicorn-52040.exe
2408	Unicorn-25816.exe
396	Unicorn-40388.exe
2920	Unicorn-13895.exe
2408	Unicorn-25816.exe
396	Unicorn-40388.exe
2920	Unicorn-13895.exe
2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe
2640	Unicorn-52040.exe
2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe
2856	Unicorn-44398.exe
2856	Unicorn-44398.exe
2980	Unicorn-11204.exe
2980	Unicorn-11204.exe
2092	Unicorn-27165.exe
2092	Unicorn-27165.exe
2080	Unicorn-36943.exe
2080	Unicorn-36943.exe
972	Unicorn-16449.exe
972	Unicorn-16449.exe
2640	Unicorn-52040.exe
2640	Unicorn-52040.exe
2868	Unicorn-62120.exe
2868	Unicorn-62120.exe
1684	Unicorn-16449.exe
1684	Unicorn-16449.exe
2920	Unicorn-13895.exe
2920	Unicorn-13895.exe
2408	Unicorn-25816.exe
2408	Unicorn-25816.exe
2556	Unicorn-40770.exe
2556	Unicorn-40770.exe
1064	Unicorn-58275.exe
2840	Unicorn-18276.exe
1064	Unicorn-58275.exe
2840	Unicorn-18276.exe
2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe
2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe
396	Unicorn-40388.exe
396	Unicorn-40388.exe
2456	Unicorn-33229.exe
2456	Unicorn-33229.exe
2856	Unicorn-44398.exe
2856	Unicorn-44398.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2604	620	WerFault.exe	44
2860	2360	WerFault.exe	81

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63042.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe
396	Unicorn-40388.exe
2840	Unicorn-18276.exe
2920	Unicorn-13895.exe
2980	Unicorn-11204.exe
2080	Unicorn-36943.exe
2640	Unicorn-52040.exe
2408	Unicorn-25816.exe
2856	Unicorn-44398.exe
2556	Unicorn-40770.exe
2092	Unicorn-27165.exe
1560	Unicorn-10318.exe
972	Unicorn-16449.exe
2868	Unicorn-62120.exe
1684	Unicorn-16449.exe
1064	Unicorn-58275.exe
620	Unicorn-29281.exe
2456	Unicorn-33229.exe
2076	Unicorn-26768.exe
1828	Unicorn-33788.exe
1084	Unicorn-44438.exe
2516	Unicorn-11931.exe
2300	Unicorn-5854.exe
1680	Unicorn-59905.exe
1980	Unicorn-34449.exe
1108	Unicorn-4753.exe
2000	Unicorn-40580.exe
1960	Unicorn-33281.exe
2148	Unicorn-40039.exe
2244	Unicorn-28131.exe
2576	Unicorn-33149.exe
2600	Unicorn-3533.exe
1580	Unicorn-61374.exe
2420	Unicorn-1975.exe
2116	Unicorn-20331.exe
2844	Unicorn-465.exe
2636	Unicorn-20331.exe
3028	Unicorn-54373.exe
2780	Unicorn-14200.exe
2944	Unicorn-37876.exe
2760	Unicorn-465.exe
2796	Unicorn-64604.exe
1456	Unicorn-3379.exe
2804	Unicorn-13244.exe
2028	Unicorn-6052.exe
2548	Unicorn-25653.exe
2552	Unicorn-49571.exe
2344	Unicorn-8595.exe
1060	Unicorn-32729.exe
2892	Unicorn-46465.exe
2732	Unicorn-63835.exe
3044	Unicorn-6596.exe
2360	Unicorn-34804.exe
2284	Unicorn-31034.exe
2256	Unicorn-31034.exe
2436	Unicorn-4810.exe
2164	Unicorn-12079.exe
1044	Unicorn-52490.exe
2016	Unicorn-33797.exe
588	Unicorn-9755.exe
1548	Unicorn-59946.exe
2236	Unicorn-58514.exe
2072	Unicorn-14803.exe
948	Unicorn-11745.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 396	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	29
PID 2956 wrote to memory of 396	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	29
PID 2956 wrote to memory of 396	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	29
PID 2956 wrote to memory of 396	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	29
PID 396 wrote to memory of 2840	396	Unicorn-40388.exe	30
PID 396 wrote to memory of 2840	396	Unicorn-40388.exe	30
PID 396 wrote to memory of 2840	396	Unicorn-40388.exe	30
PID 396 wrote to memory of 2840	396	Unicorn-40388.exe	30
PID 2956 wrote to memory of 2920	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	31
PID 2956 wrote to memory of 2920	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	31
PID 2956 wrote to memory of 2920	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	31
PID 2956 wrote to memory of 2920	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	31
PID 2840 wrote to memory of 2980	2840	Unicorn-18276.exe	32
PID 2840 wrote to memory of 2980	2840	Unicorn-18276.exe	32
PID 2840 wrote to memory of 2980	2840	Unicorn-18276.exe	32
PID 2840 wrote to memory of 2980	2840	Unicorn-18276.exe	32
PID 396 wrote to memory of 2080	396	Unicorn-40388.exe	33
PID 396 wrote to memory of 2080	396	Unicorn-40388.exe	33
PID 396 wrote to memory of 2080	396	Unicorn-40388.exe	33
PID 396 wrote to memory of 2080	396	Unicorn-40388.exe	33
PID 2920 wrote to memory of 2640	2920	Unicorn-13895.exe	34
PID 2920 wrote to memory of 2640	2920	Unicorn-13895.exe	34
PID 2920 wrote to memory of 2640	2920	Unicorn-13895.exe	34
PID 2920 wrote to memory of 2640	2920	Unicorn-13895.exe	34
PID 2956 wrote to memory of 2408	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	35
PID 2956 wrote to memory of 2408	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	35
PID 2956 wrote to memory of 2408	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	35
PID 2956 wrote to memory of 2408	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	35
PID 2980 wrote to memory of 2856	2980	Unicorn-11204.exe	36
PID 2980 wrote to memory of 2856	2980	Unicorn-11204.exe	36
PID 2980 wrote to memory of 2856	2980	Unicorn-11204.exe	36
PID 2980 wrote to memory of 2856	2980	Unicorn-11204.exe	36
PID 2840 wrote to memory of 2556	2840	Unicorn-18276.exe	37
PID 2840 wrote to memory of 2556	2840	Unicorn-18276.exe	37
PID 2840 wrote to memory of 2556	2840	Unicorn-18276.exe	37
PID 2840 wrote to memory of 2556	2840	Unicorn-18276.exe	37
PID 2080 wrote to memory of 2092	2080	Unicorn-36943.exe	38
PID 2080 wrote to memory of 2092	2080	Unicorn-36943.exe	38
PID 2080 wrote to memory of 2092	2080	Unicorn-36943.exe	38
PID 2080 wrote to memory of 2092	2080	Unicorn-36943.exe	38
PID 2408 wrote to memory of 1684	2408	Unicorn-25816.exe	40
PID 396 wrote to memory of 1560	396	Unicorn-40388.exe	41
PID 396 wrote to memory of 1560	396	Unicorn-40388.exe	41
PID 396 wrote to memory of 1560	396	Unicorn-40388.exe	41
PID 396 wrote to memory of 1560	396	Unicorn-40388.exe	41
PID 2408 wrote to memory of 1684	2408	Unicorn-25816.exe	40
PID 2408 wrote to memory of 1684	2408	Unicorn-25816.exe	40
PID 2408 wrote to memory of 1684	2408	Unicorn-25816.exe	40
PID 2920 wrote to memory of 2868	2920	Unicorn-13895.exe	42
PID 2920 wrote to memory of 2868	2920	Unicorn-13895.exe	42
PID 2920 wrote to memory of 2868	2920	Unicorn-13895.exe	42
PID 2920 wrote to memory of 2868	2920	Unicorn-13895.exe	42
PID 2640 wrote to memory of 972	2640	Unicorn-52040.exe	39
PID 2640 wrote to memory of 972	2640	Unicorn-52040.exe	39
PID 2640 wrote to memory of 972	2640	Unicorn-52040.exe	39
PID 2640 wrote to memory of 972	2640	Unicorn-52040.exe	39
PID 2956 wrote to memory of 1064	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	43
PID 2956 wrote to memory of 1064	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	43
PID 2956 wrote to memory of 1064	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	43
PID 2956 wrote to memory of 1064	2956	59d77bdbc9b8c7425ed52e8ddb653210N.exe	43
PID 2856 wrote to memory of 620	2856	Unicorn-44398.exe	44
PID 2856 wrote to memory of 620	2856	Unicorn-44398.exe	44
PID 2856 wrote to memory of 620	2856	Unicorn-44398.exe	44
PID 2856 wrote to memory of 620	2856	Unicorn-44398.exe	44

C:\Users\Admin\AppData\Local\Temp\59d77bdbc9b8c7425ed52e8ddb653210N.exe
"C:\Users\Admin\AppData\Local\Temp\59d77bdbc9b8c7425ed52e8ddb653210N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18276.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 220
        7⤵
        Program crash
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54053.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
        8⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        7⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26229.exe
        6⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
        6⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33229.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58514.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        7⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47774.exe
        6⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        6⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49571.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52490.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        8⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        7⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
        7⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
        6⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
        6⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8595.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
        6⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        6⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        6⤵
        
        PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
        5⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54977.exe
        6⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41837.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36414.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        6⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        7⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62170.exe
        6⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        5⤵
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54219.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28551.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
        5⤵
        
        PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34449.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6789.exe
        7⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        7⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41837.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
        6⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
        6⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        7⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        7⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8280.exe
        6⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38677.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        6⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        5⤵
        
        PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
        5⤵
        
        PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37795.exe
        5⤵
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
        5⤵
        
        PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35556.exe
        5⤵
        
        PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42558.exe
        5⤵
        
        PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        5⤵
        
        PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52177.exe
      4⤵
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe
        5⤵
        
        PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        5⤵
        
        PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
      4⤵
      PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
      4⤵
      PID:4676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        7⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        8⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43395.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        7⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
        6⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47774.exe
        6⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5597.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
        6⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15875.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        6⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
        6⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        6⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        5⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        5⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26549.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
        6⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        5⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11323.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28551.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
        5⤵
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14200.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        5⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe
        6⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53507.exe
        7⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48729.exe
        7⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        6⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        5⤵
        
        PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
      4⤵
      PID:628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
      4⤵
      PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
      4⤵
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
      4⤵
      PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        5⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
      4⤵
      PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4740.exe
      4⤵
      PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
      4⤵
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28551.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
      4⤵
      PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
      4⤵
      PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
      4⤵
      PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe
      4⤵
      PID:4288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
    3⤵
    - Executes dropped EXE
    PID:1080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
    3⤵
    PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23531.exe
    3⤵
    PID:3164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
    3⤵
    PID:5028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16449.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        7⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        7⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
        6⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        6⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
        6⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54053.exe
        6⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
        6⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
        6⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
        5⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14212.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42367.exe
        5⤵
        
        PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14803.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        5⤵
        
        PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
        5⤵
        
        PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        5⤵
        
        PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
      4⤵
      PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
      4⤵
      PID:4400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
        6⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57336.exe
        6⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        6⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55085.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18847.exe
        5⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
        5⤵
        
        PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
        5⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57778.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        5⤵
        
        PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
      4⤵
      PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
      4⤵
      PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
      4⤵
      PID:4140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
      4⤵
      PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
      4⤵
      PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
      4⤵
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39207.exe
      4⤵
      PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
      4⤵
      PID:5048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6524.exe
    3⤵
    PID:108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
    3⤵
    PID:1552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45563.exe
    3⤵
    PID:3244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
    3⤵
    PID:3456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25816.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25816.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16449.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
        5⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        5⤵
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        5⤵
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8280.exe
        5⤵
        
        PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
      4⤵
      PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
      4⤵
      PID:5092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        5⤵
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        6⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16557.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        5⤵
        
        PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
      4⤵
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        5⤵
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        5⤵
        
        PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51192.exe
      4⤵
      PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
      4⤵
      PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28551.exe
      4⤵
      PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53837.exe
      4⤵
      PID:4440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2360
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
      4⤵
      Program crash
      PID:2860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
    3⤵
    PID:540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
    3⤵
    PID:3288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
    3⤵
    PID:3548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
    3⤵
    PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
    3⤵
    PID:4176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17085.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
        5⤵
        
        PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
      4⤵
      PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
        5⤵
        
        PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        5⤵
        
        PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36686.exe
        5⤵
        
        PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
      4⤵
      PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
      4⤵
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
      4⤵
      PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
      4⤵
      PID:4192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3379.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6829.exe
        5⤵
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59383.exe
        5⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
        5⤵
        
        PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
      4⤵
      PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
      4⤵
      PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62884.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21725.exe
      4⤵
      PID:4688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
      4⤵
      PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63254.exe
      4⤵
      PID:4520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
      4⤵
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
      4⤵
      PID:4012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
    3⤵
    PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
    3⤵
    PID:4004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28866.exe
    3⤵
    PID:3168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15501.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2110.exe
    3⤵
    PID:2084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
    3⤵
    PID:3572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
    3⤵
    PID:3684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
    3⤵
    PID:4476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46860.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46860.exe
  2⤵
  PID:2108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18093.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18093.exe
  2⤵
  PID:576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23531.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23531.exe
  2⤵
  PID:3172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
  2⤵
  PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe

Filesize
468KB

MD5
b7c85fee5884dd2ac5a36dbb269efd8b

SHA1
0dc96ea5febe4674380d220ae513c975d0af1091

SHA256
407d834cd50fc52d372d71fd702abc3013d97d5cf124776a63f07435d0933efd

SHA512
24d300ff9fcff257d1c3bd23a55ca866102b45593a01642fcd4d2a342c13f2d87fe0c4b6d8efaf6a22e6bc47301463a0820d9490e84f856f3873cb607f42c409

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16449.exe

Filesize
468KB

MD5
9bab91a12e6d03a80e4c6ddeeeec2df2

SHA1
8b12aac6be8a8c7aa66c872e41925a312bb41336

SHA256
c813d4aa43ee63a791eb66b01cfb976a88204f5c63c9e9700dd8f96ffbe91b47

SHA512
0a3f9f4e5c6bd98bebb8a3785f3eca577945e5c48951851534b908f7cebcceab6de4fa161031eac58ade6a3751164757b37d5bb22180f12c3c34afc43a60dc06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe

Filesize
468KB

MD5
5fbaa34076c977000b959b14ca4088e8

SHA1
9bc57a2ed02e7f828bd4ab437c21c237706e70f7

SHA256
1a0d7a5a80eaccb9871f1e5b83340ebc1c7118cfeac4b557c4a97869f1579579

SHA512
25efda4d93d3dde22317a491b72962839d23b20f6ed2805eff34a976c264b22e23c3598658885b035817e58c3b939ce8d00838cb49eaa0b486626be673cd8320

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25816.exe

Filesize
468KB

MD5
a4d51daef24dc531cf00b523111f8e6d

SHA1
7210e7f78f779e3a7882e471b98ab4ba22249c85

SHA256
a4f0b1c81b8fbf85dc945c344a75810b803c30df5f344c9775fd364772297daf

SHA512
a9ef1b3b864022875e35662aaee2d6d5a1a0b648905bb23ae7319c50659896a927018795d2f57d7f2260b2aa0d44c3ac5843b3fa61bfda7571e2193c7d729e8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe

Filesize
468KB

MD5
0a51e51cab96aa66fb7f3681a1da8f64

SHA1
737ebec62705fa3506a4b842e68ed32db4712a25

SHA256
d79addcda678d7094a8a950c6a86e6e9b4228385f260ef5564b632784cecbccc

SHA512
a0cb1072ba33d7b0942ab158d4c1e917868b5f568018dc905f462f01dda68bff648961d7a61411acc96a5a661bfd1d2fbaadd82ef259f2571e238f98b955300f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe

Filesize
468KB

MD5
c59445098e37e764b26d4e68f03da5ab

SHA1
0147e989107d51d6b3cf3b02beeb6b5c5c55487b

SHA256
7b2993008472694ed5e35546472562510370bc671321887c861be112e478ad85

SHA512
717d63ade3ee4b8fbb5449195b2606f6ca5b34a8e42e44d67211cb30c621221ddaa3d6b87b9dee8134ebc549b0858822527f71731f4d497cda054a56c98598c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe

Filesize
468KB

MD5
cc645186dd7f31c5daa225868a1333a7

SHA1
a1b78f7d27c032b1196a12427d8c73955e29c6f7

SHA256
425f27c3f129fdef51188d4361b4868e439492f91522c3a9b39f366627391cca

SHA512
88117229a456964692cf3c0d46144940c8f1778b9d978d5f574c081b27d2a1cc4b624194a54e09ae98e0fc7a14d3ce8f2dfac8880197e01dd3bcd407f09ba62b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe

Filesize
468KB

MD5
4d0c7acc7574fc980f1df36db125260b

SHA1
cdb2a9886d4262453c4f2eb5baa0ce56052da69c

SHA256
4580b3be52ed7076d562eface38b787a0f994c7241b2ae39c74f7db575e1d089

SHA512
ba76e2e4b195a31e35ea3827ca00a10fa5ba6029b2199dcf8ad157957719ecea56a813dcc84274ee2677ef7bb1e33ac66465983c43fd630e17f30a472ce9c999

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe

Filesize
468KB

MD5
394546d04807d4a0b3faf8a5aa0f158a

SHA1
ce73e690481d2c756f5d768bb7ba635c3d7f91bc

SHA256
f99f3d72e7a9fc92c9329e9576c96c934c4a3b9fdf22908c1693c9045c0797d3

SHA512
de8849b1c14fc3c44a1c44753e9a49684e32e39d1a27351254de049d29570a873edcaefcf5e0674ff0cbe9f24418338a2404824555419dbf0f110f579c13a77d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe

Filesize
468KB

MD5
683b5cc4099ef2d5b3f25d73b6451697

SHA1
9d25ec2965611ec435398ea500bfd45621109fb5

SHA256
97d9c6b14677e1d2a5381afb47bf8641d5c6cf1e670f176725cd5bd21a0f226a

SHA512
7eddf959d8bf883a381c3070d215475708bdcce38572d850161607c8847ecc782a2ead833b0378a206b4e84022d35a5f8630c62c9c5f3fc3630b8c2bf524d590

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe

Filesize
468KB

MD5
c726bcb13f8e503be042307a1ac14a33

SHA1
969852903b1196ddbf937fddc37476ae73d94f8f

SHA256
7bb12bd80a41759df707a4df57aa03ba758b526abf525d152453d6487a88007d

SHA512
ac865ce1904c2d9e374eefcc6accfc8d90a2cd3d8befb440c82815805e65d0d0db80abd594fe850245c80116d47a01f4049fa0e15433324bb563c4880e75e8ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18276.exe

Filesize
468KB

MD5
7e083038ca16e02066661d8c62e0f439

SHA1
1d0ae99c7776b7a1b13ae542b559d76685af1a1b

SHA256
c9cba137498e5c80c94a901a141dd5c4f72e4e436b55e15f5c9225dfc50416ec

SHA512
577e25931e86de87f4361da3148a3bb3ae67a1074da57bb9617acf44756957567e96c3112767f51dcd1832baad512658c80d339ae09de811a1832458c112d9f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe

Filesize
468KB

MD5
2326555fe26f8208fcc6164d385dcd04

SHA1
b91deddd5353a85ba798a5fc6e7f9afb54e4abfc

SHA256
82b98d756b7809ae713bc034690ad091eeec7c63afd223f92373932aee26c7a4

SHA512
5b7611d78441747f37bc94f1e7fb4322a8f8236fd862c03f96c08db03e504c0535e6c8b273226e69d1174d0b4ad0d4aec7a381d4adcfe10e5121aab317083495

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33229.exe

Filesize
468KB

MD5
89f075a5b5785f50ec8100923fe59568

SHA1
d52c25110e9118ee16df1dc18b8ccfe7834a72d6

SHA256
2ac27d76992d6deb042026de9a04828592186d2d1222e6dfc254006b578b5822

SHA512
2b50bcd3ebe90ae1890956448eb43af5444c99ce0ad4d4add4f3a7d4d9dac52cc0dc7875e41ab2e6fbc4679fd25628f65e59403b40c0a3803f89b35a7b5930a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe

Filesize
468KB

MD5
fed32288981adaa159ff64135dd2dcfb

SHA1
e43906d8c2342e03a6d23c2f785e6d8ad782bea6

SHA256
84fecdb0626281941cae573c36743b03e1108c3db5a9a4c60a94f4b557aae20b

SHA512
6283ada12bfd5e2c24144299092d85e17bfefab3a6a8b08ad052169fc08bac8e03dd86c26d78d079bd3c1fbe5c674fa1e4744b53cdd511c073495c7c585b22ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe

Filesize
468KB

MD5
b2ce460cc491e6cabf8f97870baf2bc1

SHA1
9291db8a76628b0394efab906876f41c1bed32dd

SHA256
8e78a2db861db49833621e8b529cf39bc0e733494fecd1f4c512cfb53eb72eab

SHA512
9db764c20bb2405ded249fd99346117a0299f772bf54d397a710e77f82191ec19f5a4dd942aa78c6de3febf4cda595f23391e275cf000fa9506d5b124556733c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe

Filesize
468KB

MD5
8030135fa1a22a23fe77cc0346197887

SHA1
4e10e397e9157735d5509f303ba8a14fbac33dc5

SHA256
06a909c2f2c5b82a44a763d12013b0fc6ce2998f88c4215ddd80da5079bea2d8

SHA512
4f3c0ef0bdef2595afcc9047c5b5b9fea97cd3c8d8dd81c8c3ec8e0e9acfa523055b23b780ffcd05ac554de3c58dd760d29d17abc1bc688804dde1dae3f13c40

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe

Filesize
468KB

MD5
bdddcf4df6e3b92fe1adb806ce8d972a

SHA1
83f3e36bc03c345a3519119525941307454011d5

SHA256
5a01f5018b08276f3bcb84dcc04b5be28df1db93561fdd9f9176b478fc0d7ad0

SHA512
718bbf444ecae5c68d6b093a8ca982fb5531c02053546e89ac91854fec3cafc36b29352df29b00c0fff4dd7fa6d526871332dbcd7a452d8a783d3b2f96dc6481

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe

Filesize
468KB

MD5
f2fef22f73029af9f0e9f7ac5dfc88e0

SHA1
b02efd62dd0c8188aab7e5d2d0bd929458eaa577

SHA256
961331775d93c28b3c74a25d43b7fa9b8828f5b5a27a49408451fe18d5e30c05

SHA512
3bddc88b0f9708f43124c816d7495b2101fc993a8cfbe4caf42534dbb1f1d467622762516b5ccefe07f0b4ba3a72cebcf316531bae9be18abeaa74658e2eebaf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe

Filesize
468KB

MD5
a672618f0776dc51f130f8fb16e3f7fa

SHA1
88dd0f123160088cf9314bf05123f656424ebfe6

SHA256
a20c6333a3150c16c9ce8bc0d1b46a158415d7eef75de7bca65eaf76f9d21e3c

SHA512
088cbc13438da98f3a8d9c5fef36836e735f915c55a1a438fafee3f0140aa9283ee3370ceed7ad9d23e439214c93e33e7fd83ca1a6ef0bdcbf2a8cd9f7231b14

Download Submit