50665476104ae302027ad35abaf2e5777945628cfd1d22f39071de6ff2f58438

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f2e2dd65df146595b307aa4f02b84190N.exe
Size

468KB
MD5

f2e2dd65df146595b307aa4f02b84190
SHA1

07b98f2202774bb7352db53df7fd19e683e5d323
SHA256

50665476104ae302027ad35abaf2e5777945628cfd1d22f39071de6ff2f58438
SHA512

e1367fcc8d8d9162829fe2211616cc78273690f88e6ce74b4aae3da7a29a07ae16dd10a79bf1ecd1b55bfce8ef8edddf6e43496b1c6e6643900099a92ffc897c
SSDEEP

3072:1bB2ogIdFn5UnbYbHzcjVf8/EChCy7/CbLH0xVP1g292cxMuuVeP:1bcod5UnEH4jVfCjRJg2MAMuu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2040	Unicorn-7060.exe
2776	Unicorn-19396.exe
2780	Unicorn-26172.exe
2836	Unicorn-30325.exe
2900	Unicorn-65135.exe
2620	Unicorn-30224.exe
2684	Unicorn-16489.exe
2960	Unicorn-48197.exe
1620	Unicorn-27512.exe
2456	Unicorn-27777.exe
2144	Unicorn-7911.exe
2936	Unicorn-23693.exe
2932	Unicorn-53713.exe
2412	Unicorn-1911.exe
328	Unicorn-3957.exe
2224	Unicorn-19884.exe
2216	Unicorn-2785.exe
2388	Unicorn-7631.exe
1612	Unicorn-20460.exe
1508	Unicorn-4678.exe
1688	Unicorn-14329.exe
1972	Unicorn-5493.exe
1704	Unicorn-14329.exe
1740	Unicorn-43018.exe
1112	Unicorn-57963.exe
1532	Unicorn-41492.exe
2132	Unicorn-21891.exe
1540	Unicorn-41757.exe
1608	Unicorn-6899.exe
1644	Unicorn-26765.exe
2080	Unicorn-25181.exe
1328	Unicorn-32694.exe
2924	Unicorn-33779.exe
2540	Unicorn-49515.exe
2092	Unicorn-9229.exe
2788	Unicorn-55737.exe
2856	Unicorn-22964.exe
2704	Unicorn-23427.exe
2872	Unicorn-31041.exe
2648	Unicorn-53499.exe
2588	Unicorn-42224.exe
2640	Unicorn-44938.exe
2064	Unicorn-44938.exe
1984	Unicorn-36007.exe
1936	Unicorn-38451.exe
2808	Unicorn-14574.exe
652	Unicorn-48830.exe
2748	Unicorn-40562.exe
2180	Unicorn-33588.exe
1672	Unicorn-53454.exe
2344	Unicorn-6199.exe
2172	Unicorn-6199.exe
2248	Unicorn-14922.exe
804	Unicorn-41564.exe
2212	Unicorn-31834.exe
2364	Unicorn-2691.exe
2128	Unicorn-57690.exe
2260	Unicorn-20782.exe
1332	Unicorn-37621.exe
2432	Unicorn-54030.exe
1648	Unicorn-9660.exe
760	Unicorn-38824.exe
2156	Unicorn-58690.exe
1732	Unicorn-58690.exe

Loads dropped DLL 64 IoCs

pid	Process
2220	f2e2dd65df146595b307aa4f02b84190N.exe
2220	f2e2dd65df146595b307aa4f02b84190N.exe
2040	Unicorn-7060.exe
2040	Unicorn-7060.exe
2220	f2e2dd65df146595b307aa4f02b84190N.exe
2220	f2e2dd65df146595b307aa4f02b84190N.exe
2776	Unicorn-19396.exe
2780	Unicorn-26172.exe
2780	Unicorn-26172.exe
2776	Unicorn-19396.exe
2040	Unicorn-7060.exe
2040	Unicorn-7060.exe
2220	f2e2dd65df146595b307aa4f02b84190N.exe
2220	f2e2dd65df146595b307aa4f02b84190N.exe
2620	Unicorn-30224.exe
2620	Unicorn-30224.exe
2220	f2e2dd65df146595b307aa4f02b84190N.exe
2900	Unicorn-65135.exe
2900	Unicorn-65135.exe
2220	f2e2dd65df146595b307aa4f02b84190N.exe
2776	Unicorn-19396.exe
2776	Unicorn-19396.exe
2836	Unicorn-30325.exe
2836	Unicorn-30325.exe
2780	Unicorn-26172.exe
2780	Unicorn-26172.exe
2040	Unicorn-7060.exe
2040	Unicorn-7060.exe
2684	Unicorn-16489.exe
2684	Unicorn-16489.exe
1620	Unicorn-27512.exe
1620	Unicorn-27512.exe
2220	f2e2dd65df146595b307aa4f02b84190N.exe
2220	f2e2dd65df146595b307aa4f02b84190N.exe
2144	Unicorn-7911.exe
2144	Unicorn-7911.exe
2456	Unicorn-27777.exe
2456	Unicorn-27777.exe
2684	Unicorn-16489.exe
2780	Unicorn-26172.exe
2776	Unicorn-19396.exe
328	Unicorn-3957.exe
2684	Unicorn-16489.exe
2780	Unicorn-26172.exe
2776	Unicorn-19396.exe
328	Unicorn-3957.exe
2936	Unicorn-23693.exe
2936	Unicorn-23693.exe
2900	Unicorn-65135.exe
2900	Unicorn-65135.exe
2620	Unicorn-30224.exe
2040	Unicorn-7060.exe
2620	Unicorn-30224.exe
2040	Unicorn-7060.exe
2412	Unicorn-1911.exe
2412	Unicorn-1911.exe
2932	Unicorn-53713.exe
2216	Unicorn-2785.exe
2932	Unicorn-53713.exe
2216	Unicorn-2785.exe
2960	Unicorn-48197.exe
2960	Unicorn-48197.exe
2836	Unicorn-30325.exe
2836	Unicorn-30325.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1456	2460	WerFault.exe	178

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f2e2dd65df146595b307aa4f02b84190N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18175.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23693.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14180.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2220	f2e2dd65df146595b307aa4f02b84190N.exe
2040	Unicorn-7060.exe
2776	Unicorn-19396.exe
2780	Unicorn-26172.exe
2620	Unicorn-30224.exe
2900	Unicorn-65135.exe
2836	Unicorn-30325.exe
2684	Unicorn-16489.exe
1620	Unicorn-27512.exe
2144	Unicorn-7911.exe
2936	Unicorn-23693.exe
2932	Unicorn-53713.exe
2456	Unicorn-27777.exe
2960	Unicorn-48197.exe
328	Unicorn-3957.exe
2412	Unicorn-1911.exe
2216	Unicorn-2785.exe
1972	Unicorn-5493.exe
2224	Unicorn-19884.exe
2388	Unicorn-7631.exe
2132	Unicorn-21891.exe
1688	Unicorn-14329.exe
1612	Unicorn-20460.exe
1112	Unicorn-57963.exe
1740	Unicorn-43018.exe
1540	Unicorn-41757.exe
1508	Unicorn-4678.exe
1704	Unicorn-14329.exe
1532	Unicorn-41492.exe
1644	Unicorn-26765.exe
1608	Unicorn-6899.exe
2080	Unicorn-25181.exe
1328	Unicorn-32694.exe
2924	Unicorn-33779.exe
2540	Unicorn-49515.exe
2092	Unicorn-9229.exe
2856	Unicorn-22964.exe
2788	Unicorn-55737.exe
2704	Unicorn-23427.exe
2872	Unicorn-31041.exe
2588	Unicorn-42224.exe
2064	Unicorn-44938.exe
2640	Unicorn-44938.exe
1984	Unicorn-36007.exe
2648	Unicorn-53499.exe
652	Unicorn-48830.exe
1936	Unicorn-38451.exe
2808	Unicorn-14574.exe
2748	Unicorn-40562.exe
2180	Unicorn-33588.exe
1672	Unicorn-53454.exe
2172	Unicorn-6199.exe
2344	Unicorn-6199.exe
804	Unicorn-41564.exe
2248	Unicorn-14922.exe
2364	Unicorn-2691.exe
2212	Unicorn-31834.exe
2128	Unicorn-57690.exe
2260	Unicorn-20782.exe
1332	Unicorn-37621.exe
2432	Unicorn-54030.exe
1732	Unicorn-58690.exe
760	Unicorn-38824.exe
1648	Unicorn-9660.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2040	2220	f2e2dd65df146595b307aa4f02b84190N.exe	30
PID 2220 wrote to memory of 2040	2220	f2e2dd65df146595b307aa4f02b84190N.exe	30
PID 2220 wrote to memory of 2040	2220	f2e2dd65df146595b307aa4f02b84190N.exe	30
PID 2220 wrote to memory of 2040	2220	f2e2dd65df146595b307aa4f02b84190N.exe	30
PID 2040 wrote to memory of 2776	2040	Unicorn-7060.exe	31
PID 2040 wrote to memory of 2776	2040	Unicorn-7060.exe	31
PID 2040 wrote to memory of 2776	2040	Unicorn-7060.exe	31
PID 2040 wrote to memory of 2776	2040	Unicorn-7060.exe	31
PID 2220 wrote to memory of 2780	2220	f2e2dd65df146595b307aa4f02b84190N.exe	32
PID 2220 wrote to memory of 2780	2220	f2e2dd65df146595b307aa4f02b84190N.exe	32
PID 2220 wrote to memory of 2780	2220	f2e2dd65df146595b307aa4f02b84190N.exe	32
PID 2220 wrote to memory of 2780	2220	f2e2dd65df146595b307aa4f02b84190N.exe	32
PID 2780 wrote to memory of 2836	2780	Unicorn-26172.exe	34
PID 2780 wrote to memory of 2836	2780	Unicorn-26172.exe	34
PID 2780 wrote to memory of 2836	2780	Unicorn-26172.exe	34
PID 2780 wrote to memory of 2836	2780	Unicorn-26172.exe	34
PID 2776 wrote to memory of 2900	2776	Unicorn-19396.exe	33
PID 2776 wrote to memory of 2900	2776	Unicorn-19396.exe	33
PID 2776 wrote to memory of 2900	2776	Unicorn-19396.exe	33
PID 2776 wrote to memory of 2900	2776	Unicorn-19396.exe	33
PID 2040 wrote to memory of 2684	2040	Unicorn-7060.exe	35
PID 2040 wrote to memory of 2684	2040	Unicorn-7060.exe	35
PID 2040 wrote to memory of 2684	2040	Unicorn-7060.exe	35
PID 2040 wrote to memory of 2684	2040	Unicorn-7060.exe	35
PID 2220 wrote to memory of 2620	2220	f2e2dd65df146595b307aa4f02b84190N.exe	36
PID 2220 wrote to memory of 2620	2220	f2e2dd65df146595b307aa4f02b84190N.exe	36
PID 2220 wrote to memory of 2620	2220	f2e2dd65df146595b307aa4f02b84190N.exe	36
PID 2220 wrote to memory of 2620	2220	f2e2dd65df146595b307aa4f02b84190N.exe	36
PID 2620 wrote to memory of 2960	2620	Unicorn-30224.exe	37
PID 2620 wrote to memory of 2960	2620	Unicorn-30224.exe	37
PID 2620 wrote to memory of 2960	2620	Unicorn-30224.exe	37
PID 2620 wrote to memory of 2960	2620	Unicorn-30224.exe	37
PID 2900 wrote to memory of 2456	2900	Unicorn-65135.exe	39
PID 2900 wrote to memory of 2456	2900	Unicorn-65135.exe	39
PID 2900 wrote to memory of 2456	2900	Unicorn-65135.exe	39
PID 2900 wrote to memory of 2456	2900	Unicorn-65135.exe	39
PID 2220 wrote to memory of 1620	2220	f2e2dd65df146595b307aa4f02b84190N.exe	38
PID 2220 wrote to memory of 1620	2220	f2e2dd65df146595b307aa4f02b84190N.exe	38
PID 2220 wrote to memory of 1620	2220	f2e2dd65df146595b307aa4f02b84190N.exe	38
PID 2220 wrote to memory of 1620	2220	f2e2dd65df146595b307aa4f02b84190N.exe	38
PID 2776 wrote to memory of 2144	2776	Unicorn-19396.exe	40
PID 2776 wrote to memory of 2144	2776	Unicorn-19396.exe	40
PID 2776 wrote to memory of 2144	2776	Unicorn-19396.exe	40
PID 2776 wrote to memory of 2144	2776	Unicorn-19396.exe	40
PID 2836 wrote to memory of 2936	2836	Unicorn-30325.exe	41
PID 2836 wrote to memory of 2936	2836	Unicorn-30325.exe	41
PID 2836 wrote to memory of 2936	2836	Unicorn-30325.exe	41
PID 2836 wrote to memory of 2936	2836	Unicorn-30325.exe	41
PID 2780 wrote to memory of 2932	2780	Unicorn-26172.exe	42
PID 2780 wrote to memory of 2932	2780	Unicorn-26172.exe	42
PID 2780 wrote to memory of 2932	2780	Unicorn-26172.exe	42
PID 2780 wrote to memory of 2932	2780	Unicorn-26172.exe	42
PID 2040 wrote to memory of 2412	2040	Unicorn-7060.exe	43
PID 2040 wrote to memory of 2412	2040	Unicorn-7060.exe	43
PID 2040 wrote to memory of 2412	2040	Unicorn-7060.exe	43
PID 2040 wrote to memory of 2412	2040	Unicorn-7060.exe	43
PID 2684 wrote to memory of 328	2684	Unicorn-16489.exe	44
PID 2684 wrote to memory of 328	2684	Unicorn-16489.exe	44
PID 2684 wrote to memory of 328	2684	Unicorn-16489.exe	44
PID 2684 wrote to memory of 328	2684	Unicorn-16489.exe	44
PID 1620 wrote to memory of 2224	1620	Unicorn-27512.exe	45
PID 1620 wrote to memory of 2224	1620	Unicorn-27512.exe	45
PID 1620 wrote to memory of 2224	1620	Unicorn-27512.exe	45
PID 1620 wrote to memory of 2224	1620	Unicorn-27512.exe	45

C:\Users\Admin\AppData\Local\Temp\f2e2dd65df146595b307aa4f02b84190N.exe
"C:\Users\Admin\AppData\Local\Temp\f2e2dd65df146595b307aa4f02b84190N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        8⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35421.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        8⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46454.exe
        8⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
        8⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        7⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
        7⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14574.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53781.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        6⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
        7⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
        6⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        7⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20013.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        7⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
        6⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18445.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
        6⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53499.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
        6⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        7⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        6⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5765.exe
        6⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12068.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        5⤵
        
        PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        5⤵
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        5⤵
        
        PID:808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64997.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
        5⤵
        
        PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe
        7⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8887.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55147.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        7⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34823.exe
        6⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        6⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
        6⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
        6⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe
        6⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12068.exe
        6⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3058.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
        5⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        5⤵
        
        PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53454.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        6⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        7⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        6⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50466.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11559.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        6⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42415.exe
        5⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        5⤵
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33930.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
        5⤵
        
        PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62012.exe
      4⤵
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48462.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60086.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
      4⤵
      PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
      4⤵
      PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
      4⤵
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
      4⤵
      PID:4864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        7⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        7⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38824.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13276.exe
        6⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        6⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        6⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20013.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        6⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe
        5⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40429.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
        6⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        6⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13443.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12557.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        5⤵
        
        PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
        5⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62848.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        5⤵
        
        PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        5⤵
        
        PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2073.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
      4⤵
      PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
      4⤵
      PID:4232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41757.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        6⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
        6⤵
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47560.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        6⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32685.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        5⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52215.exe
        5⤵
        
        PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        5⤵
        
        PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
        5⤵
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9603.exe
        5⤵
        
        PID:2460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 148
        6⤵
        Program crash
        
        PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9327.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48436.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        5⤵
        
        PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1771.exe
      4⤵
      PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13443.exe
      4⤵
      PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
      4⤵
      PID:5048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41492.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe
        6⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34958.exe
        6⤵
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        6⤵
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        5⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        6⤵
        
        PID:428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38404.exe
        6⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
        5⤵
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47560.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        5⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        5⤵
        
        PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
      4⤵
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        5⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        5⤵
        
        PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42607.exe
      4⤵
      PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
      4⤵
      PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
      4⤵
      PID:4896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36007.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15357.exe
      4⤵
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
      4⤵
      PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
    3⤵
    PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44130.exe
    3⤵
    PID:3192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
    3⤵
    PID:4932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43018.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6199.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7652.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44627.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        7⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
        6⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45146.exe
        7⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60086.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        6⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        6⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14922.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63691.exe
        5⤵
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        5⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        5⤵
        
        PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
        5⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42946.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
        6⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59982.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
        5⤵
        
        PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        5⤵
        
        PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
      4⤵
      PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
      4⤵
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51847.exe
      4⤵
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29730.exe
      4⤵
      PID:4132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        6⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe
        7⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        7⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
        7⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-117.exe
        6⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36262.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        6⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
        5⤵
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
      4⤵
      PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44497.exe
      4⤵
      PID:236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
      4⤵
      PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
      4⤵
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
      4⤵
      PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        5⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        6⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        5⤵
        
        PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59520.exe
      4⤵
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        5⤵
        
        PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31833.exe
      4⤵
      PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33930.exe
      4⤵
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38451.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
      4⤵
      PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
      4⤵
      PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3022.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
      4⤵
      PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47788.exe
    3⤵
    PID:360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4003.exe
    3⤵
    PID:1796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
    3⤵
    PID:4016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16824.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
    3⤵
    PID:4880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25181.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        5⤵
        Executes dropped EXE
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        5⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61569.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe
      4⤵
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        5⤵
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57947.exe
        5⤵
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        5⤵
        
        PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19717.exe
      4⤵
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56682.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        5⤵
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
      4⤵
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
      4⤵
      PID:4500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21891.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31834.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8280.exe
        5⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        5⤵
        
        PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe
      4⤵
      PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
      4⤵
      PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
      4⤵
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
      4⤵
      PID:4248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
    3⤵
    PID:948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4778.exe
    3⤵
    PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
    3⤵
    PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
    3⤵
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
    3⤵
    PID:4488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19884.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6199.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
        5⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
        5⤵
        
        PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
      4⤵
      PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
      4⤵
      PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
      4⤵
      PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
      4⤵
      PID:4676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
      4⤵
      PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
    3⤵
    PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
    3⤵
    PID:2756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
    3⤵
    PID:3456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
    3⤵
    PID:4104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26765.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
      4⤵
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6722.exe
      4⤵
      PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
      4⤵
      PID:668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
      4⤵
      PID:4116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42716.exe
    3⤵
    PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
    3⤵
    PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
    3⤵
    PID:3624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
    3⤵
    PID:3968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
    3⤵
    PID:4644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2691.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
      4⤵
      PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
      4⤵
      PID:5108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
    3⤵
    PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
    3⤵
    PID:3312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
    3⤵
    PID:4208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19558.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19558.exe
  2⤵
  PID:3156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29181.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29181.exe
  2⤵
  PID:3428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14180.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14180.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe

Filesize
468KB

MD5
a0978cf3d7b5a98bbe69b3850b3eba08

SHA1
99f43af69d3cdb1233ac49eaa1f457fef701c96e

SHA256
de31e16f73294658c72d02bc1748139dfa135529b456dd1eee354ce8e1fe8b22

SHA512
cb57ba5aeb80fb36fd5527f01c106e8e5fb276ef18cfd2dc48a55a23ea3014833359a846179e9a0cf9c197c2469190ed83b95053c6c8e50079b68f9e7605f82a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe

Filesize
468KB

MD5
94a73424e91e04fbcff300d203a32b54

SHA1
9197f59c64efbdd01ce7f331d86739da20427381

SHA256
b9bae24c2b3def717620d5f5da1d946e3aea13ef92d31b625a6f0be86e08a076

SHA512
58c926d6db7245887d6469b8256d1eba3d478076e4546c4cab9a2b812d51435d54edf4473eaf4efa44227faf4d10a0a86bad005724262de8d19cf1fe65bf8d3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe

Filesize
468KB

MD5
c6009c1d25c48ba8f88eb244a7466495

SHA1
1c09d7225530aaeb232ae484c04bb2169bba3241

SHA256
11357062781b184290bf5ac5763ab8312beb0f400d0635f060bef9b8faf178b3

SHA512
aaa47a0bca16bd3844390c7ff162bf2dedc99e40ac292cdba444fb8f1141ffb78565665468ed3e246249b17efaff42a61e2d1bf4002fffdba1e34eb038435f71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe

Filesize
468KB

MD5
a98bdbd7365ad2d1efc318a5940d9669

SHA1
919b5e8c0fb217932df2a8e1aab2891a0007e00e

SHA256
0d130cc4f2687de6522e772aa0187a17b2e0deffa87010c4329a337d72839c02

SHA512
afb3661667f425ed0203bc4950a2105898f58cbcaeb281d92bca3c5d9d4fee1b9d1dc90416d16bbb333ad020cc16ac4eb7e314a6c69037396cc38d13d234b0cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe

Filesize
468KB

MD5
a34f4d812c36d2072284331895c4e56f

SHA1
f125a4cd6a273d21eeb05dfad657155abc1f9f68

SHA256
bce0906703b228103a196c21942e8a946e5d0fadfea4f7e88561325b348184e7

SHA512
e0bd7167fb12f7271f9ae428fccfadbcb0ab35eb636542367eded01a746e6b715b0f55e8b8e6f6e2369dd89a189264c20b6b4639cfb64956cbfce9fca79fa494

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe

Filesize
468KB

MD5
fae0bec70a38a50660e0d8eb6bb07ef3

SHA1
32560cab0e3e03b2a1bd0a2e422e8ee1edcfd47e

SHA256
c4c18962016fff178d30b014da3cb8ce7bd142e98deba2a8dc48732e469bf696

SHA512
db5c325854036fa3055f8d1a13e3560bb138c3cb388ec9d609f52b885f5e6d641d18a2feee2fc9fbe693473e0898f1679729f038244be405a2f79074ff222c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe

Filesize
468KB

MD5
416ae723dd12471552fe43e1cd8a8f0f

SHA1
1958ef151a8e99081f427954feb3b9a0338118ba

SHA256
27542c897dd82fadf71dcf18561172160c973efd80cbc28000b049af38dfb804

SHA512
1a267aeb0c20b26e8d74538bb7c0cf224fae9e5d83114bc3a866dd59d6eb78470d722127528b5496393fc2fd5afbe9ebbb5f7a846c818293cd7ae57095c62a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe

Filesize
468KB

MD5
45456aeb4ca5d0830657773a609f7b64

SHA1
b920b8f3ecbb44e5e10b9c276844999be001bea1

SHA256
fb65d1f00b3e1a2e8f4be4083c8faca9913ba2dfb4913f8c2eba789cddc9073d

SHA512
9691a74ea154b282a6b1c7e47d9459ce65ce9721fdf87da1438311ada204247a8960a1c72d65cd03f6c9a9d4176708547938f28bf3675519760fbbae4dbd68e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe

Filesize
468KB

MD5
9a742ca5ba9981a3d6cc1a0f8cd0b1c4

SHA1
f5439008adfcf6ba7236ead1d12fc1d62f1dd416

SHA256
3ba1ff12c0d0cc6b126bdad38efc388448dcfb6b5e238dbc594173adb032c870

SHA512
95665704f838e5dc1eab5197771e4517a3155c81f1b3f2f82ec542fa14562f9a57a02d284c018e481831b773c7f4049cf2bba4bf4953ac399af04e65c744db3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe

Filesize
468KB

MD5
0d58beb0dfa4fd30c2f86f2d41150c4c

SHA1
27cc2a2ffe071c2e20d10b684c9046bc3056f471

SHA256
11dedbb965a291b9646000f7ada401ad8d7064c000bab4bceb4fdd1679db2080

SHA512
287d42258d5e52211cbcb1b6de24de7e05281114ea56e0e0855498e94b9c14d4b75e634e79ce187dfee22aac87874477d08eca57d6b4c13e13baa7ee1b554c3a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19884.exe

Filesize
468KB

MD5
c780a6a8cdabccbe9e1a3808fdb9a9eb

SHA1
6de05be025ddf8dda6673030ad73f8781d9aa6df

SHA256
22163d4040ba72b63ee075d6b8bfc4299e2ebad52a9834339d3d2c92e876afda

SHA512
54627a36eef24429aeb552bc5b194ac01a37fcc46cfde4fd656a68f683a6ef234d7b7ab9177b454e2000f3c307a4b17406cd535df8e06c6a68d6acb11106ded1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe

Filesize
468KB

MD5
af30d43320525026727359562fb859ff

SHA1
23f9cc8aa9bd48f67b51a77f4400ca11948a96ec

SHA256
67df2f35573e71528dde5012f0635e345f59e071a0f585b133d027992878b83a

SHA512
5bc477f9a7c056bdb2d98f1323c4086231e0c93f0b3cee11861099e4eece6f8c604f9c3b68b868277be6558cb90f3c00ccb61f402051c33e72d521e4036b13c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe

Filesize
468KB

MD5
0f8082810153579f1fb1c1907ddce5bb

SHA1
8b084af42abb66c8ae4a29bb5ea7ce7b56b6777e

SHA256
967c2afbdec16f226daf960089388a373ed2d683b51469f991019f73403b143e

SHA512
04f0bcc51fd4b584cacf1d0c4f1f88082e8e86b4d0cb075eac92d7fc1837422a5197694f8d553d36e35c059098e7a7083b096e2f5aea59ceb296a4b7594775c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe

Filesize
468KB

MD5
7999c4a1d78bc2097f363ced8646272e

SHA1
e675dc90c0b621f94faa000edf7fc76a27b51104

SHA256
ae362e8a88b2c74c34c8c506b76585b7580d6880d809b9d45ce155a8662add15

SHA512
1f31c923c6f84c421c67b151d43031de086c3b9f9f3f4417d138ec757d7130c1a1fb1c11af71fa49fe985338a20a91a9f472bf30577a251a112005d1e927c301

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe

Filesize
468KB

MD5
7b3adb6fc080a18077903034dc2df194

SHA1
e08ad738f27aa111dcfe2e2c1d8171f452ab369a

SHA256
f2b434dd002498650407683ec516d42c12357c6bc1a781d7c926768c7f6c3c59

SHA512
e25745c3fa55c79262ab598f8475bf5845098da3edc52f38c67172af7a77e76d167421e4e60214c30544d4e563e1ea1e15cc4db0b55ae809027b0368b87cf629

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe

Filesize
468KB

MD5
9e7ebc6c321cb610eb4698fd159ef166

SHA1
a9aa38311d14d978f981b82c7f6fc2e286341868

SHA256
59446a0626201bd5463a2a0f1c5a24c34eacd04b23353d1a2dab79c9468fa209

SHA512
e4c7fb10698cbacc993d66392c1197d4389bae78e68bdf6e69c24389795631186b557e604cb09af50f0d00b96e82c266945b697a6b3b4003e719feaa44bc048c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe

Filesize
468KB

MD5
9967a591177aefd6623fb6b36379b4e2

SHA1
d89df9caa80f1aac1d0404a12eafac45ef84db8e

SHA256
217cdaabbd9b95aa0e2af8a00a5cd104d72973de8dde13ab746f7efc2d80783d

SHA512
cc1e9b5b2a9413f700c0b8924ab7f8324cdfe218da72e9f6479b2b65bb1faf8f64bd48fd6687dc7146a6b25dff18f3c30b8c0d42d070994512204e85b1a76861

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe

Filesize
468KB

MD5
e712fc4ca251a375aa30a596d3d1e811

SHA1
8836dceefae32fbca312e22bedb9d474363509fb

SHA256
baea6f544822bbdd9664f3be8ac947c827fd5862caee811221131cf202dd77e1

SHA512
0561dc639b31a3c0e8a04d8e0a04206521a7cbb1ad2687b885b5f1d9b5dc3ffe79832dd188e1e04cd406a364ce18f4bf9c2fdc117e1167a9e0a5376a10357e4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe

Filesize
468KB

MD5
0ad5ce43edb15e96ce4432e6fe75859c

SHA1
a15a70d2bc09d814478fc619444260307d684d9a

SHA256
068d0041349c82bf7adbc5382354ee4dab8d2e3ab885c8f768f0d251f41cf6a1

SHA512
ae6cba2fa6513744e85e30686318c181a03be83e719b54be1adfe982f8789a91c6071b339d1e1250970d481a6b15fef0653a0c78881a4dad6241262e6ffe748b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe

Filesize
468KB

MD5
3211d6da6a21998cbb8dcd67e9c8ea6b

SHA1
75b6c9bc2f7a1f45c2ec7f2c11a8560caff45d60

SHA256
c02e06ff1e705aaebc90e078ef25bf02fcefc32f1117a661f0d25ab581f14eda

SHA512
0b0c4fb354e0142283e029946d29f7c21cdc42dd2e6b0c28d5aec08f4bb01de66dc2f355419681819b007f99b8840f68c98b0812465257c2b7ce68435bfb0cd6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe

Filesize
468KB

MD5
d0e31168f0b483b89ae0f199e7831fd2

SHA1
3144b4b2bc9c506eefa1b698d8cb56c0eb0eff2c

SHA256
ed1b48867dcbf2a6375631d01175c99409c2e07bfab1f4640491ef3a9a9221c0

SHA512
21e1ce06f439afba79ca2fb020faafd6061f3292554c1657ff251b71bb82f56d9f6223a8f0ba7be973874dc92e75b9163e4f60758b29fa254f36297d4a3aede0

Download Submit