1ce2d0dd7b03fa34930a5648ea185018ef99b321f977497e54276bc1a056b10c

Analysis

max time kernel
119s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e07f8fe48c25fde587413b55dfe3d680N.exe
Size

468KB
MD5

e07f8fe48c25fde587413b55dfe3d680
SHA1

d0c6a4332be4353d0cc3915d9b02a785b5dc3c68
SHA256

1ce2d0dd7b03fa34930a5648ea185018ef99b321f977497e54276bc1a056b10c
SHA512

4a213e49c70ff5c8a628e84f63694f53b8c04a050dfd971dd7d5c37d28a81cc324c3db58e1e867b7a7986c3f071b007d2f5b9c6f75285a79e3216569eeb4dbe8
SSDEEP

3072:MbyUoQOdI0576bYJPztjJf8/J9sS1IplnmHeSV3RJa28HhiHyPlv:MbNoG876OPJjJfY0jgJavBiHy

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2732	Unicorn-15338.exe
2872	Unicorn-40694.exe
2848	Unicorn-33080.exe
2824	Unicorn-17677.exe
2740	Unicorn-34458.exe
2636	Unicorn-34096.exe
2632	Unicorn-27965.exe
1940	Unicorn-21608.exe
2340	Unicorn-43810.exe
512	Unicorn-51475.exe
2404	Unicorn-39991.exe
2328	Unicorn-64687.exe
1756	Unicorn-47645.exe
2696	Unicorn-27438.exe
1972	Unicorn-38075.exe
852	Unicorn-48865.exe
2456	Unicorn-61309.exe
2288	Unicorn-45528.exe
2468	Unicorn-32721.exe
2436	Unicorn-16939.exe
1928	Unicorn-3046.exe
2612	Unicorn-9176.exe
1680	Unicorn-61699.exe
2028	Unicorn-37765.exe
276	Unicorn-29274.exe
1484	Unicorn-50209.exe
1424	Unicorn-49887.exe
964	Unicorn-4215.exe
1984	Unicorn-31963.exe
2024	Unicorn-62928.exe
948	Unicorn-54495.exe
2140	Unicorn-46483.exe
3028	Unicorn-42569.exe
2096	Unicorn-38891.exe
2748	Unicorn-9726.exe
2900	Unicorn-796.exe
2088	Unicorn-36461.exe
2956	Unicorn-59119.exe
2928	Unicorn-63203.exe
2752	Unicorn-8832.exe
884	Unicorn-14962.exe
2700	Unicorn-63457.exe
2240	Unicorn-63457.exe
3044	Unicorn-38206.exe
2100	Unicorn-17786.exe
2112	Unicorn-51205.exe
1896	Unicorn-38398.exe
872	Unicorn-3120.exe
396	Unicorn-34468.exe
932	Unicorn-23178.exe
364	Unicorn-45252.exe
2820	Unicorn-55466.exe
1124	Unicorn-3068.exe
108	Unicorn-3333.exe
2180	Unicorn-3333.exe
2152	Unicorn-26774.exe
2960	Unicorn-15839.exe
708	Unicorn-15861.exe
2540	Unicorn-53577.exe
2996	Unicorn-28174.exe
1936	Unicorn-52871.exe
1532	Unicorn-36556.exe
1544	Unicorn-45471.exe
1976	Unicorn-9311.exe

Loads dropped DLL 64 IoCs

pid	Process
2428	e07f8fe48c25fde587413b55dfe3d680N.exe
2428	e07f8fe48c25fde587413b55dfe3d680N.exe
2732	Unicorn-15338.exe
2428	e07f8fe48c25fde587413b55dfe3d680N.exe
2732	Unicorn-15338.exe
2428	e07f8fe48c25fde587413b55dfe3d680N.exe
2732	Unicorn-15338.exe
2872	Unicorn-40694.exe
2872	Unicorn-40694.exe
2732	Unicorn-15338.exe
2848	Unicorn-33080.exe
2428	e07f8fe48c25fde587413b55dfe3d680N.exe
2848	Unicorn-33080.exe
2428	e07f8fe48c25fde587413b55dfe3d680N.exe
2632	Unicorn-27965.exe
2428	e07f8fe48c25fde587413b55dfe3d680N.exe
2632	Unicorn-27965.exe
2428	e07f8fe48c25fde587413b55dfe3d680N.exe
2740	Unicorn-34458.exe
2732	Unicorn-15338.exe
2732	Unicorn-15338.exe
2740	Unicorn-34458.exe
2636	Unicorn-34096.exe
2636	Unicorn-34096.exe
2872	Unicorn-40694.exe
2872	Unicorn-40694.exe
2824	Unicorn-17677.exe
2824	Unicorn-17677.exe
2848	Unicorn-33080.exe
2848	Unicorn-33080.exe
2696	Unicorn-27438.exe
2696	Unicorn-27438.exe
512	Unicorn-51475.exe
512	Unicorn-51475.exe
2824	Unicorn-17677.exe
2824	Unicorn-17677.exe
1756	Unicorn-47645.exe
2632	Unicorn-27965.exe
1756	Unicorn-47645.exe
2632	Unicorn-27965.exe
2872	Unicorn-40694.exe
2872	Unicorn-40694.exe
2328	Unicorn-64687.exe
2328	Unicorn-64687.exe
2340	Unicorn-43810.exe
2340	Unicorn-43810.exe
2428	e07f8fe48c25fde587413b55dfe3d680N.exe
2428	e07f8fe48c25fde587413b55dfe3d680N.exe
2636	Unicorn-34096.exe
2636	Unicorn-34096.exe
2404	Unicorn-39991.exe
2404	Unicorn-39991.exe
2740	Unicorn-34458.exe
2740	Unicorn-34458.exe
1940	Unicorn-21608.exe
1940	Unicorn-21608.exe
2732	Unicorn-15338.exe
2732	Unicorn-15338.exe
1972	Unicorn-38075.exe
1972	Unicorn-38075.exe
2848	Unicorn-33080.exe
2848	Unicorn-33080.exe
852	Unicorn-48865.exe
852	Unicorn-48865.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1784	4348	WerFault.exe	363

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34468.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2428	e07f8fe48c25fde587413b55dfe3d680N.exe
2732	Unicorn-15338.exe
2872	Unicorn-40694.exe
2848	Unicorn-33080.exe
2740	Unicorn-34458.exe
2824	Unicorn-17677.exe
2636	Unicorn-34096.exe
2632	Unicorn-27965.exe
2340	Unicorn-43810.exe
2404	Unicorn-39991.exe
2328	Unicorn-64687.exe
1940	Unicorn-21608.exe
512	Unicorn-51475.exe
2696	Unicorn-27438.exe
1756	Unicorn-47645.exe
1972	Unicorn-38075.exe
852	Unicorn-48865.exe
2456	Unicorn-61309.exe
2288	Unicorn-45528.exe
2468	Unicorn-32721.exe
2436	Unicorn-16939.exe
2612	Unicorn-9176.exe
1680	Unicorn-61699.exe
1928	Unicorn-3046.exe
2028	Unicorn-37765.exe
1984	Unicorn-31963.exe
1484	Unicorn-50209.exe
276	Unicorn-29274.exe
964	Unicorn-4215.exe
1424	Unicorn-49887.exe
948	Unicorn-54495.exe
2024	Unicorn-62928.exe
2140	Unicorn-46483.exe
3028	Unicorn-42569.exe
2096	Unicorn-38891.exe
2748	Unicorn-9726.exe
2956	Unicorn-59119.exe
2900	Unicorn-796.exe
2088	Unicorn-36461.exe
884	Unicorn-14962.exe
3044	Unicorn-38206.exe
2240	Unicorn-63457.exe
2928	Unicorn-63203.exe
2100	Unicorn-17786.exe
2700	Unicorn-63457.exe
2752	Unicorn-8832.exe
2112	Unicorn-51205.exe
1896	Unicorn-38398.exe
872	Unicorn-3120.exe
396	Unicorn-34468.exe
932	Unicorn-23178.exe
108	Unicorn-3333.exe
2820	Unicorn-55466.exe
364	Unicorn-45252.exe
1124	Unicorn-3068.exe
2180	Unicorn-3333.exe
2960	Unicorn-15839.exe
2152	Unicorn-26774.exe
708	Unicorn-15861.exe
2540	Unicorn-53577.exe
2996	Unicorn-28174.exe
1936	Unicorn-52871.exe
1532	Unicorn-36556.exe
1544	Unicorn-45471.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2732	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	29
PID 2428 wrote to memory of 2732	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	29
PID 2428 wrote to memory of 2732	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	29
PID 2428 wrote to memory of 2732	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	29
PID 2732 wrote to memory of 2872	2732	Unicorn-15338.exe	30
PID 2732 wrote to memory of 2872	2732	Unicorn-15338.exe	30
PID 2732 wrote to memory of 2872	2732	Unicorn-15338.exe	30
PID 2732 wrote to memory of 2872	2732	Unicorn-15338.exe	30
PID 2428 wrote to memory of 2848	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	31
PID 2428 wrote to memory of 2848	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	31
PID 2428 wrote to memory of 2848	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	31
PID 2428 wrote to memory of 2848	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	31
PID 2872 wrote to memory of 2824	2872	Unicorn-40694.exe	33
PID 2872 wrote to memory of 2824	2872	Unicorn-40694.exe	33
PID 2872 wrote to memory of 2824	2872	Unicorn-40694.exe	33
PID 2872 wrote to memory of 2824	2872	Unicorn-40694.exe	33
PID 2732 wrote to memory of 2740	2732	Unicorn-15338.exe	32
PID 2732 wrote to memory of 2740	2732	Unicorn-15338.exe	32
PID 2732 wrote to memory of 2740	2732	Unicorn-15338.exe	32
PID 2732 wrote to memory of 2740	2732	Unicorn-15338.exe	32
PID 2848 wrote to memory of 2636	2848	Unicorn-33080.exe	34
PID 2848 wrote to memory of 2636	2848	Unicorn-33080.exe	34
PID 2848 wrote to memory of 2636	2848	Unicorn-33080.exe	34
PID 2848 wrote to memory of 2636	2848	Unicorn-33080.exe	34
PID 2428 wrote to memory of 2632	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	35
PID 2428 wrote to memory of 2632	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	35
PID 2428 wrote to memory of 2632	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	35
PID 2428 wrote to memory of 2632	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	35
PID 2632 wrote to memory of 512	2632	Unicorn-27965.exe	36
PID 2632 wrote to memory of 512	2632	Unicorn-27965.exe	36
PID 2632 wrote to memory of 512	2632	Unicorn-27965.exe	36
PID 2632 wrote to memory of 512	2632	Unicorn-27965.exe	36
PID 2428 wrote to memory of 2340	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	37
PID 2428 wrote to memory of 2340	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	37
PID 2428 wrote to memory of 2340	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	37
PID 2428 wrote to memory of 2340	2428	e07f8fe48c25fde587413b55dfe3d680N.exe	37
PID 2732 wrote to memory of 1940	2732	Unicorn-15338.exe	39
PID 2732 wrote to memory of 1940	2732	Unicorn-15338.exe	39
PID 2732 wrote to memory of 1940	2732	Unicorn-15338.exe	39
PID 2732 wrote to memory of 1940	2732	Unicorn-15338.exe	39
PID 2740 wrote to memory of 2404	2740	Unicorn-34458.exe	38
PID 2740 wrote to memory of 2404	2740	Unicorn-34458.exe	38
PID 2740 wrote to memory of 2404	2740	Unicorn-34458.exe	38
PID 2740 wrote to memory of 2404	2740	Unicorn-34458.exe	38
PID 2636 wrote to memory of 2328	2636	Unicorn-34096.exe	40
PID 2636 wrote to memory of 2328	2636	Unicorn-34096.exe	40
PID 2636 wrote to memory of 2328	2636	Unicorn-34096.exe	40
PID 2636 wrote to memory of 2328	2636	Unicorn-34096.exe	40
PID 2872 wrote to memory of 1756	2872	Unicorn-40694.exe	41
PID 2872 wrote to memory of 1756	2872	Unicorn-40694.exe	41
PID 2872 wrote to memory of 1756	2872	Unicorn-40694.exe	41
PID 2872 wrote to memory of 1756	2872	Unicorn-40694.exe	41
PID 2824 wrote to memory of 2696	2824	Unicorn-17677.exe	42
PID 2824 wrote to memory of 2696	2824	Unicorn-17677.exe	42
PID 2824 wrote to memory of 2696	2824	Unicorn-17677.exe	42
PID 2824 wrote to memory of 2696	2824	Unicorn-17677.exe	42
PID 2848 wrote to memory of 1972	2848	Unicorn-33080.exe	43
PID 2848 wrote to memory of 1972	2848	Unicorn-33080.exe	43
PID 2848 wrote to memory of 1972	2848	Unicorn-33080.exe	43
PID 2848 wrote to memory of 1972	2848	Unicorn-33080.exe	43
PID 2696 wrote to memory of 852	2696	Unicorn-27438.exe	44
PID 2696 wrote to memory of 852	2696	Unicorn-27438.exe	44
PID 2696 wrote to memory of 852	2696	Unicorn-27438.exe	44
PID 2696 wrote to memory of 852	2696	Unicorn-27438.exe	44

C:\Users\Admin\AppData\Local\Temp\e07f8fe48c25fde587413b55dfe3d680N.exe
"C:\Users\Admin\AppData\Local\Temp\e07f8fe48c25fde587413b55dfe3d680N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46483.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37800.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        7⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28487.exe
        7⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24132.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52819.exe
        7⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        6⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        6⤵
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9726.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24132.exe
        7⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33275.exe
        7⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        6⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        6⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
        6⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
        6⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        6⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
        6⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32040.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
        6⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
        5⤵
        
        PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
        5⤵
        
        PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7614.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
        5⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61797.exe
        6⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
        5⤵
        
        PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
        5⤵
        
        PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3046.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        6⤵
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6831.exe
        6⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
        6⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
        5⤵
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
        5⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe
        5⤵
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28487.exe
        5⤵
        
        PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3068.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        5⤵
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
        5⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        5⤵
        
        PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
      4⤵
      PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
      4⤵
      PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21939.exe
      4⤵
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
      4⤵
      PID:4312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64599.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        7⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29769.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        6⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        6⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
        6⤵
        
        PID:456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        6⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
        6⤵
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
        6⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
        5⤵
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
        5⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62796.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        5⤵
        
        PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49887.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        5⤵
        Executes dropped EXE
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        5⤵
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
      4⤵
      PID:1408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
      4⤵
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
      4⤵
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
      4⤵
      PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
      4⤵
      PID:3660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25155.exe
        6⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
        6⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        6⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
        6⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
        5⤵
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14568.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
        5⤵
        
        PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
        5⤵
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
      4⤵
      PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24341.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60440.exe
      4⤵
      PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53349.exe
      4⤵
      PID:4828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47267.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37837.exe
        5⤵
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
        5⤵
        
        PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
      4⤵
      PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
      4⤵
      PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53935.exe
      4⤵
      PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
      4⤵
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
      4⤵
      PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
    3⤵
    PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
      4⤵
      PID:4640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5452.exe
    3⤵
    PID:1828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59222.exe
    3⤵
    PID:3268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe
    3⤵
    PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
    3⤵
    PID:4632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9507.exe
        7⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
        6⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-830.exe
        6⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13094.exe
        6⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8238.exe
        6⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
        5⤵
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59119.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
        7⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        6⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9212.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
        5⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        5⤵
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26645.exe
        5⤵
        
        PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8832.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59026.exe
        5⤵
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        5⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56284.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7894.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
      4⤵
      PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
      4⤵
      PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14833.exe
      4⤵
      PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
      4⤵
      PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38075.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
        6⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        6⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
        6⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
        6⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        6⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55222.exe
        5⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
        5⤵
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31083.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        5⤵
        
        PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        5⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        5⤵
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
      4⤵
      PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
      4⤵
      PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
      4⤵
      PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
      4⤵
      PID:4720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54495.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
        5⤵
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13399.exe
        5⤵
        
        PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-344.exe
      4⤵
      PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20649.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18816.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
      4⤵
      PID:4260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28859.exe
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55444.exe
      4⤵
      PID:5044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
    3⤵
    PID:2064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30165.exe
    3⤵
    PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
    3⤵
    PID:3796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
    3⤵
    PID:3348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
    3⤵
    PID:4276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27965.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27965.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        6⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
        6⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7550.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
        6⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
        5⤵
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
        5⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50743.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        5⤵
        
        PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3120.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
        5⤵
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
        5⤵
        
        PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
      4⤵
      PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
      4⤵
      PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
      4⤵
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28487.exe
      4⤵
      PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16939.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
        5⤵
        
        PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
        5⤵
        
        PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
      4⤵
      PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
      4⤵
      PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
      4⤵
      PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
      4⤵
      PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
      4⤵
      PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45252.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe
      4⤵
      PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
      4⤵
      PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22821.exe
      4⤵
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
      4⤵
      PID:4624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
    3⤵
    PID:1128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
    3⤵
    PID:3788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
    3⤵
    PID:3324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12322.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37765.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
      4⤵
      PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
      4⤵
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28487.exe
      4⤵
      PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe
      4⤵
      PID:4948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52871.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46207.exe
      4⤵
      PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
      4⤵
      PID:4888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38300.exe
    3⤵
    PID:3160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
    3⤵
    PID:3780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
    3⤵
    PID:3632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32460.exe
      4⤵
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63814.exe
      4⤵
      PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
      4⤵
      PID:4648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
    3⤵
    PID:1804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
    3⤵
    PID:3488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
    3⤵
    PID:3760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6956.exe
    3⤵
    PID:4428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
    3⤵
    PID:4848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34468.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34468.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
    3⤵
    PID:1136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
    3⤵
    PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
    3⤵
    PID:4044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
    3⤵
    PID:4348
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 188
      4⤵
      Program crash
      PID:1784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
  2⤵
  PID:2756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14259.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14259.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
  2⤵
  PID:4072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43980.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43980.exe
  2⤵
  PID:4940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe

Filesize
468KB

MD5
0cd0d86bacc19623f247e559505dd8b2

SHA1
5cbfd2fd5a3007d25f82070e7ccbc093b86ba52c

SHA256
187e69421e4b5e6197103ecfd246595a289666c5be1c2dae8768f05e9a050021

SHA512
7740583c72f1c41590486f2be929f666034529c9be29fec97242c88f85434c32dcf538199374e63c7c06a6940d5ab219b7c0c5c7033255870f9338067ddc5fb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe

Filesize
468KB

MD5
1ca589dc4564378b1b4590171581e9de

SHA1
6e9c9d34c10bb11f4359d60270825f06834465a4

SHA256
e49ef66a59859e720d0d4871ffd6dcc31b7f176362dec73bdc7895f83c2b1235

SHA512
52c8f8b75999f6b8c3e4d57dbf4443289a965bfbd5d7da1b8e54f2e2fa4b7487d97c5290dddbdf7c8cc950237a855461158d367a00d327ff6582e183c19615c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27965.exe

Filesize
468KB

MD5
d70fc72b5e0b8fb5ffa8946ba1004749

SHA1
066190b55a587760cf54d190e95f98e3161bbfff

SHA256
8935b9dc966cc04a02821883c292784c55fff3a2463925b1f2b6237a04d0f59d

SHA512
6947d95178f7eb6c4ed1c016f1cd1a9856f079f022a981301c28645f5322112011f3b539ef3cf98ec45921e9d27427643cd36040bf1c708d959a9e3c1c352b36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe

Filesize
468KB

MD5
3c0574e0c074b5d7941dbdb7c43c5a69

SHA1
aca9de2d25f7b4a4e6a4c13bda33fb8bc2cd8eae

SHA256
3ac28bc60fe848b86aadf57d105b55a45fd6fb835e6169ce2d9ea6f030a1a9b7

SHA512
743de8664b2c996090f3b18242f8d869a8133a2137be158bf80d74249ab7d5038a8ad52b3f65f5e6b3ac3fc7bed690d1fb5dd4d252a6ca75e3b5e0af5c387343

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe

Filesize
468KB

MD5
7d3a01b20c5fe3aec70257434291db81

SHA1
3a2ff87c18436d2ec17439bec112fa2300047423

SHA256
909dffde1977a97b42b8d8649581e35d69f8156b2b269084db96e5fe4f8d7aa5

SHA512
cedadc8a5f74d873e00a4183f44567f34fe4bd4d487f01923289304785cb8041244a722fb074cc5129507ae839ddd0b4c4bd073b656e97abe2717c8532b524ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe

Filesize
468KB

MD5
1571b2d58a6f51eaa3d5cfacd6b7d81e

SHA1
49f74f4426abfe01f7d03a1d5f6cfd2eef375091

SHA256
425c62cd2593355e3c39f22b4c8c96161f96adcaad324d923494f4e060ce562a

SHA512
a98d3a9dbe0d6ccbb38b5ea2982bf610b41a31ae8aecfa3463f6d40f076f23ca53acc821eb747ec08588e2320b9be6ebd42cbc5a64f9dce6a3b3c269b6bb01e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe

Filesize
468KB

MD5
9e426ee9718f148c428231800e2a8e57

SHA1
7afec4ccf395569636d75d5cd519a7e0ee8b2060

SHA256
d2091469c5741bc1c4fb1b9ae032ea576a6199e45376896dd54f24faca6bd3b9

SHA512
88514fa916c7fc275b5c8bc268f2aae556c6279d581afc261b7742c90efc0388632c7f6a9565a8090d248a32b0340fe0ad98617b2aec4e1cc81a28f3ced55c65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe

Filesize
468KB

MD5
6750bdc64a2522938e1d3bc4c344a99c

SHA1
4780ccbc9dba02f19a0da5584b590288c98a2627

SHA256
bf046d0c9a643635f1cac079e85d7c2eaa07bad22e6b7a93ce11e802c5b57585

SHA512
41e56eef2f08d0cfb73adf7b9a27333e25859cf82a241c00fdc7fb8cf14c09e2d8dc880f3e4212ff1f2214eda88e033ad298db0061bd97d6f31d679c067f939b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe

Filesize
468KB

MD5
6ad76435325ec59271ecce48e872615b

SHA1
eeba7b6623da4f6a77e2b3d68377d8a11342b2a3

SHA256
27502c7480680d5d296e337580aff746ded9b4e332f71c5c12712ce72add6753

SHA512
ff7265ea44590e2eadbb9461081f8680e97d6d6209e155f46d556824929abaff57c982b010983cc5da2a28ae890888bf251c097cd5a1c7d47e6a5bcee73619ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe

Filesize
468KB

MD5
cfe616904728e7abc6b39a0039ef478c

SHA1
6052e89f7b8e6086e916303d1355420cb5af21d5

SHA256
d6f6dde7dfb66ca6838780810cf2bc3436d7878f1882b1cd9a146e8f80829e86

SHA512
3bf12d868dae4394fdee03604160b40fe3c3c6589b48a2926fe77131d06627acac4f5ea9e559879bd6778692f5901e206ad50d68b2f9332b0458846f10eddc81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe

Filesize
468KB

MD5
c7586ff35c927ddbb2b1c79d0c5385d7

SHA1
133933af9d30355510876c2915d4397b79f3070b

SHA256
892c88bc01af3a7fd550832422bc1c287f9f1ff654b724cea4cd5984cde400e1

SHA512
ada85d93f41b2183b4eeb4d54104058149e500c8689dd922b892b7eeee0d3dc00ba58c9f82ab187f28d562c5076f0f096cbf8037738fc30e8300cc493845de23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe

Filesize
468KB

MD5
54370d8469e6377f52c8d6e105b3d90f

SHA1
1c56b6aaf56267cab809ea0306dd1d701a573846

SHA256
438055465f94a8f00640b574638d8cb862f760e717fdb49541f94b02f67b5ee9

SHA512
1d52e131346bc5eb287ea8c2c4bf05897a2176c1fc5a058c21b717c1e03301e23e19e7bef39de579d6e71e670475d06e8ef82664dc570ee3e9ab96f095f9e4d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38075.exe

Filesize
468KB

MD5
60636c397b9bd44d32504330023d4720

SHA1
6771498c92650132c862a5ff4d581b00ede0a462

SHA256
93f197e0a020be743d9627eac1cd5ac0bb6701fbbbe09e7fdfc329596cd5222e

SHA512
bc3d21e5b9b74b26444f35a4d4815aa05e879a9df8eda009a0e4722c26ecfde37530eddd38c0a3c30d5b1c3e122ab0a9badef4ed8b27275bb8d944da6d3d5aec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe

Filesize
468KB

MD5
4a29f5838ba22b2ea01e202bbbddf451

SHA1
0381effe3f35b295ce4ace481cf1c8af4327ee7c

SHA256
1b33d8ecae70f4540a02a77c5c28221b78ea49e4ae953615aba740caf7321dca

SHA512
149aa26946493a6220c09c97066bf2a3c498e3506ccd1a69c1a15a559b751242b9da327982a8c58b1a91317269cc304e91f5abdff0bcd421ca9783d4ab367d82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe

Filesize
468KB

MD5
d1f24b81cddd83696eac3d77656548ac

SHA1
132ff6fdd7386bb33b2fed0f5e0af6e381116a64

SHA256
5853d1145e577aae1ce326dbb9364411bba3821b317edcf34779c0f86b74f152

SHA512
780dae144258ee35710248e71908221e0651f57a5b121128331f08548c223e9aa6b01e0f2bf509955972f0abe7f7f3dcde0ceae02c2133c1ace3001b702b7e1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe

Filesize
468KB

MD5
9d025b05e7646d32c00b5b4f9fe01afb

SHA1
6e637409ec202e3265afaf6563d8b98244093992

SHA256
5307cd7110b5ea7fb992d1e990cd8fb21c442906d6ca168aee70501f4012de48

SHA512
3e2eae7c98870e428801464089e4930e55fa19f43633174bee9183a5b33132a8fb669230c598afd58025a6e315e61e9068debbadc37267cbf0c400576a7e9e00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe

Filesize
468KB

MD5
99fd50a33b8cde6ceb28f9fd2c600cc8

SHA1
3d9ba1e891b6403f995329aae9754438e3033090

SHA256
fcc0f1cb3e2dba56f4b7ff2f041f048ec9f885cbb79138cef0f7493a44848118

SHA512
59de73a3e9af255aa2673dc15b41093d8618f146dd506fe3235b6893b5a247cc3873ea1a69d430d3c3f9c0e29229ecfb2f71e66949cfa9226e8f9361178fad3d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe

Filesize
468KB

MD5
3e60c24d69dc9f8b0580156fbfa6fdb4

SHA1
c8ad1890a319ced82ccb52fdd9f5c286725a7c92

SHA256
6eca00e713da2bc33cd3da1cea61dc738c6b82dbdbaec3e06dd3dc1dd5da6679

SHA512
fa293e12f1e057771a23e8e34cab204b145e2f0808b5d89fe0cf73004d6434858c850bf48ddd12591a1411dfd3f94a9dae922605e450e32c4e42e2501cf0b4a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe

Filesize
468KB

MD5
3d58d2a43c6729e6cc6f6f876d3c36f2

SHA1
6e5a3e4775ec477e1df6f9c9674b4674d06631c9

SHA256
6e67f9459c2c8b5381bcd9a12a4dbca7adf507fb28ebe175592c16d5e98e63b6

SHA512
8b754af3eae89c106fa90a32d8ff3bab39242367fff5bb282383f0aa8f9e0c7f62ba1adf1e822f991dc3786dd7e8eaeb72eb779ca143fe3772698349cf46e522

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe

Filesize
468KB

MD5
e7ef433a4d711ee2fff5c55eb73efeb4

SHA1
147e7b8f18160365b091e8229399057e254961ae

SHA256
8d4d0ce4bc41f2ed875ab4bbdc944f8267333e203385a22d3a68d1356059b6c3

SHA512
3c9886eb656fcabd97e5c3c5fe11ef2131d139372d3ed39f804a2bcadf7b076dd09d6d4c3cb24b70eaafa6667d117b1306af579e6e54687f1398a477f86a78af

Download Submit