549b35e619422e9f720f6732522298adc6ace60c09b6a7842bce9017317c2400

Analysis

max time kernel
114s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 23:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

29f3a415f7749acaa9e043ea01a46c40N.exe
Size

468KB
MD5

29f3a415f7749acaa9e043ea01a46c40
SHA1

b33809ba19cc0a041d6a9a0daaf5490608fa4c9b
SHA256

549b35e619422e9f720f6732522298adc6ace60c09b6a7842bce9017317c2400
SHA512

a812dba9335b160e0d55c1cb29f86686cf0e1de30dd1d9f09658ce0e5ecab34c3003e80dbc61d5bd441ad1d863efc460301edabf6a2bd3da4bb459dff56efd38
SSDEEP

3072:ToA1ogYnI05ptbYnPzbjef8DECxvPgpXcmHe6Vs/OY9TiMiakxlT:ToCom8ptkPXjefacmnOYVniak

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2216	Unicorn-61065.exe
2100	Unicorn-49773.exe
1092	Unicorn-56550.exe
2736	Unicorn-60702.exe
2956	Unicorn-61257.exe
2868	Unicorn-40182.exe
2664	Unicorn-64786.exe
1784	Unicorn-2409.exe
1992	Unicorn-12060.exe
1288	Unicorn-26359.exe
2932	Unicorn-18191.exe
2460	Unicorn-36665.exe
956	Unicorn-36784.exe
1264	Unicorn-17183.exe
2904	Unicorn-34287.exe
2840	Unicorn-25565.exe
964	Unicorn-26753.exe
804	Unicorn-8351.exe
2044	Unicorn-40208.exe
2764	Unicorn-25264.exe
2240	Unicorn-55990.exe
2864	Unicorn-36753.exe
1540	Unicorn-23318.exe
2448	Unicorn-17187.exe
928	Unicorn-13374.exe
1344	Unicorn-33240.exe
1084	Unicorn-33240.exe
1572	Unicorn-467.exe
2964	Unicorn-38070.exe
1520	Unicorn-64350.exe
2716	Unicorn-62404.exe
2248	Unicorn-56274.exe
2404	Unicorn-14334.exe
2496	Unicorn-25840.exe
1620	Unicorn-10687.exe
2064	Unicorn-1911.exe
2136	Unicorn-11511.exe
2680	Unicorn-13442.exe
2060	Unicorn-6021.exe
2972	Unicorn-42223.exe
2756	Unicorn-1553.exe
1792	Unicorn-17335.exe
2700	Unicorn-29779.exe
2572	Unicorn-7696.exe
860	Unicorn-6405.exe
2196	Unicorn-46691.exe
2640	Unicorn-8159.exe
2508	Unicorn-17719.exe
2884	Unicorn-4075.exe
2020	Unicorn-1958.exe
2156	Unicorn-17525.exe
1488	Unicorn-42991.exe
2784	Unicorn-26746.exe
2628	Unicorn-26746.exe
1968	Unicorn-32877.exe
640	Unicorn-13011.exe
1108	Unicorn-36696.exe
1864	Unicorn-32877.exe
1628	Unicorn-32877.exe
2360	Unicorn-61657.exe
2128	Unicorn-36767.exe
2872	Unicorn-43759.exe
2492	Unicorn-38149.exe
1724	Unicorn-32768.exe

Loads dropped DLL 64 IoCs

pid	Process
1568	29f3a415f7749acaa9e043ea01a46c40N.exe
1568	29f3a415f7749acaa9e043ea01a46c40N.exe
2216	Unicorn-61065.exe
2216	Unicorn-61065.exe
1568	29f3a415f7749acaa9e043ea01a46c40N.exe
1568	29f3a415f7749acaa9e043ea01a46c40N.exe
1092	Unicorn-56550.exe
1092	Unicorn-56550.exe
2216	Unicorn-61065.exe
2216	Unicorn-61065.exe
1568	29f3a415f7749acaa9e043ea01a46c40N.exe
1568	29f3a415f7749acaa9e043ea01a46c40N.exe
2100	Unicorn-49773.exe
2100	Unicorn-49773.exe
2100	Unicorn-49773.exe
2100	Unicorn-49773.exe
2216	Unicorn-61065.exe
2216	Unicorn-61065.exe
2736	Unicorn-60702.exe
2736	Unicorn-60702.exe
2868	Unicorn-40182.exe
2868	Unicorn-40182.exe
2956	Unicorn-61257.exe
2956	Unicorn-61257.exe
1568	29f3a415f7749acaa9e043ea01a46c40N.exe
1092	Unicorn-56550.exe
1092	Unicorn-56550.exe
1568	29f3a415f7749acaa9e043ea01a46c40N.exe
2664	Unicorn-64786.exe
2664	Unicorn-64786.exe
1992	Unicorn-12060.exe
1992	Unicorn-12060.exe
2216	Unicorn-61065.exe
2216	Unicorn-61065.exe
1288	Unicorn-26359.exe
1288	Unicorn-26359.exe
956	Unicorn-36784.exe
2868	Unicorn-40182.exe
2868	Unicorn-40182.exe
956	Unicorn-36784.exe
1784	Unicorn-2409.exe
1784	Unicorn-2409.exe
1568	29f3a415f7749acaa9e043ea01a46c40N.exe
1568	29f3a415f7749acaa9e043ea01a46c40N.exe
2460	Unicorn-36665.exe
2460	Unicorn-36665.exe
2100	Unicorn-49773.exe
2100	Unicorn-49773.exe
2956	Unicorn-61257.exe
2932	Unicorn-18191.exe
1264	Unicorn-17183.exe
2956	Unicorn-61257.exe
1264	Unicorn-17183.exe
2932	Unicorn-18191.exe
1092	Unicorn-56550.exe
1092	Unicorn-56550.exe
2736	Unicorn-60702.exe
2736	Unicorn-60702.exe
2904	Unicorn-34287.exe
2904	Unicorn-34287.exe
2840	Unicorn-25565.exe
2664	Unicorn-64786.exe
2840	Unicorn-25565.exe
2664	Unicorn-64786.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3824	3356	WerFault.exe	196

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12060.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1568	29f3a415f7749acaa9e043ea01a46c40N.exe
2216	Unicorn-61065.exe
2100	Unicorn-49773.exe
1092	Unicorn-56550.exe
2956	Unicorn-61257.exe
2868	Unicorn-40182.exe
2664	Unicorn-64786.exe
2736	Unicorn-60702.exe
1992	Unicorn-12060.exe
1288	Unicorn-26359.exe
1264	Unicorn-17183.exe
956	Unicorn-36784.exe
1784	Unicorn-2409.exe
2932	Unicorn-18191.exe
2460	Unicorn-36665.exe
2904	Unicorn-34287.exe
2840	Unicorn-25565.exe
964	Unicorn-26753.exe
804	Unicorn-8351.exe
2764	Unicorn-25264.exe
2044	Unicorn-40208.exe
2240	Unicorn-55990.exe
2864	Unicorn-36753.exe
1540	Unicorn-23318.exe
2448	Unicorn-17187.exe
1084	Unicorn-33240.exe
1572	Unicorn-467.exe
928	Unicorn-13374.exe
2964	Unicorn-38070.exe
1344	Unicorn-33240.exe
1520	Unicorn-64350.exe
2716	Unicorn-62404.exe
2404	Unicorn-14334.exe
2248	Unicorn-56274.exe
2496	Unicorn-25840.exe
1620	Unicorn-10687.exe
2064	Unicorn-1911.exe
2680	Unicorn-13442.exe
2136	Unicorn-11511.exe
2060	Unicorn-6021.exe
2972	Unicorn-42223.exe
2700	Unicorn-29779.exe
2756	Unicorn-1553.exe
1792	Unicorn-17335.exe
2572	Unicorn-7696.exe
860	Unicorn-6405.exe
2196	Unicorn-46691.exe
2640	Unicorn-8159.exe
2508	Unicorn-17719.exe
2884	Unicorn-4075.exe
1488	Unicorn-42991.exe
2020	Unicorn-1958.exe
2156	Unicorn-17525.exe
1108	Unicorn-36696.exe
640	Unicorn-13011.exe
1968	Unicorn-32877.exe
2784	Unicorn-26746.exe
2628	Unicorn-26746.exe
1628	Unicorn-32877.exe
1864	Unicorn-32877.exe
2128	Unicorn-36767.exe
2360	Unicorn-61657.exe
2872	Unicorn-43759.exe
2492	Unicorn-38149.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 2216	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	29
PID 1568 wrote to memory of 2216	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	29
PID 1568 wrote to memory of 2216	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	29
PID 1568 wrote to memory of 2216	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	29
PID 2216 wrote to memory of 2100	2216	Unicorn-61065.exe	30
PID 2216 wrote to memory of 2100	2216	Unicorn-61065.exe	30
PID 2216 wrote to memory of 2100	2216	Unicorn-61065.exe	30
PID 2216 wrote to memory of 2100	2216	Unicorn-61065.exe	30
PID 1568 wrote to memory of 1092	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	31
PID 1568 wrote to memory of 1092	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	31
PID 1568 wrote to memory of 1092	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	31
PID 1568 wrote to memory of 1092	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	31
PID 1092 wrote to memory of 2736	1092	Unicorn-56550.exe	32
PID 1092 wrote to memory of 2736	1092	Unicorn-56550.exe	32
PID 1092 wrote to memory of 2736	1092	Unicorn-56550.exe	32
PID 1092 wrote to memory of 2736	1092	Unicorn-56550.exe	32
PID 2216 wrote to memory of 2956	2216	Unicorn-61065.exe	34
PID 2216 wrote to memory of 2956	2216	Unicorn-61065.exe	34
PID 2216 wrote to memory of 2956	2216	Unicorn-61065.exe	34
PID 2216 wrote to memory of 2956	2216	Unicorn-61065.exe	34
PID 1568 wrote to memory of 2868	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	35
PID 1568 wrote to memory of 2868	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	35
PID 1568 wrote to memory of 2868	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	35
PID 1568 wrote to memory of 2868	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	35
PID 2100 wrote to memory of 2664	2100	Unicorn-49773.exe	33
PID 2100 wrote to memory of 2664	2100	Unicorn-49773.exe	33
PID 2100 wrote to memory of 2664	2100	Unicorn-49773.exe	33
PID 2100 wrote to memory of 2664	2100	Unicorn-49773.exe	33
PID 2100 wrote to memory of 1784	2100	Unicorn-49773.exe	36
PID 2100 wrote to memory of 1784	2100	Unicorn-49773.exe	36
PID 2100 wrote to memory of 1784	2100	Unicorn-49773.exe	36
PID 2100 wrote to memory of 1784	2100	Unicorn-49773.exe	36
PID 2216 wrote to memory of 1992	2216	Unicorn-61065.exe	37
PID 2216 wrote to memory of 1992	2216	Unicorn-61065.exe	37
PID 2216 wrote to memory of 1992	2216	Unicorn-61065.exe	37
PID 2216 wrote to memory of 1992	2216	Unicorn-61065.exe	37
PID 2736 wrote to memory of 2932	2736	Unicorn-60702.exe	38
PID 2736 wrote to memory of 2932	2736	Unicorn-60702.exe	38
PID 2736 wrote to memory of 2932	2736	Unicorn-60702.exe	38
PID 2736 wrote to memory of 2932	2736	Unicorn-60702.exe	38
PID 2868 wrote to memory of 1288	2868	Unicorn-40182.exe	39
PID 2868 wrote to memory of 1288	2868	Unicorn-40182.exe	39
PID 2868 wrote to memory of 1288	2868	Unicorn-40182.exe	39
PID 2868 wrote to memory of 1288	2868	Unicorn-40182.exe	39
PID 2956 wrote to memory of 2460	2956	Unicorn-61257.exe	40
PID 2956 wrote to memory of 2460	2956	Unicorn-61257.exe	40
PID 2956 wrote to memory of 2460	2956	Unicorn-61257.exe	40
PID 2956 wrote to memory of 2460	2956	Unicorn-61257.exe	40
PID 1092 wrote to memory of 1264	1092	Unicorn-56550.exe	42
PID 1092 wrote to memory of 1264	1092	Unicorn-56550.exe	42
PID 1092 wrote to memory of 1264	1092	Unicorn-56550.exe	42
PID 1092 wrote to memory of 1264	1092	Unicorn-56550.exe	42
PID 1568 wrote to memory of 956	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	41
PID 1568 wrote to memory of 956	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	41
PID 1568 wrote to memory of 956	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	41
PID 1568 wrote to memory of 956	1568	29f3a415f7749acaa9e043ea01a46c40N.exe	41
PID 2664 wrote to memory of 2904	2664	Unicorn-64786.exe	43
PID 2664 wrote to memory of 2904	2664	Unicorn-64786.exe	43
PID 2664 wrote to memory of 2904	2664	Unicorn-64786.exe	43
PID 2664 wrote to memory of 2904	2664	Unicorn-64786.exe	43
PID 1992 wrote to memory of 2840	1992	Unicorn-12060.exe	44
PID 1992 wrote to memory of 2840	1992	Unicorn-12060.exe	44
PID 1992 wrote to memory of 2840	1992	Unicorn-12060.exe	44
PID 1992 wrote to memory of 2840	1992	Unicorn-12060.exe	44

C:\Users\Admin\AppData\Local\Temp\29f3a415f7749acaa9e043ea01a46c40N.exe
"C:\Users\Admin\AppData\Local\Temp\29f3a415f7749acaa9e043ea01a46c40N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49773.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34287.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        7⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        7⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
        6⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
        6⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56274.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58616.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36909.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14791.exe
        7⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25698.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42716.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        7⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        6⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
        6⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        5⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
        5⤵
        
        PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10507.exe
        5⤵
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2409.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11911.exe
        7⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe
        7⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        6⤵
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        6⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6021.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe
        6⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        6⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
        5⤵
        
        PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        5⤵
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42359.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe
        5⤵
        
        PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44967.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        5⤵
        
        PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64117.exe
        5⤵
        
        PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
      4⤵
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52362.exe
      4⤵
      PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
      4⤵
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39692.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
      4⤵
      PID:4244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61257.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17719.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32768.exe
        7⤵
        Executes dropped EXE
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55285.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        7⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44967.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33889.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        7⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35268.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64541.exe
        6⤵
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60501.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
        6⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        6⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        6⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        6⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7753.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        6⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
        6⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
        5⤵
        
        PID:572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        5⤵
        
        PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
        5⤵
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        5⤵
        
        PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53327.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7905.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe
        5⤵
        
        PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27516.exe
      4⤵
      PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
      4⤵
      PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
      4⤵
      PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25565.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17283.exe
        7⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
        7⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
        6⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        6⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
        6⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64541.exe
        5⤵
        
        PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
        5⤵
        
        PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
        5⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
        6⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        6⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7905.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53415.exe
        5⤵
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        5⤵
        
        PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43934.exe
      4⤵
      PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
      4⤵
      PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
      4⤵
      PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
      4⤵
      PID:4668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26753.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25840.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
        5⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
        5⤵
        
        PID:3356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 188
        6⤵
        Program crash
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        5⤵
        
        PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
      4⤵
      PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
      4⤵
      PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
      4⤵
      PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
      4⤵
      PID:5028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1958.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
      4⤵
      PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42359.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
      4⤵
      PID:4188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11911.exe
      4⤵
      PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
      4⤵
      PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
    3⤵
    PID:3164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44824.exe
    3⤵
    PID:3284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34987.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
    3⤵
    PID:4216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56550.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56550.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33240.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
        7⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        7⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        7⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        6⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        6⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2994.exe
        6⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        5⤵
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        5⤵
        
        PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38070.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39591.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36851.exe
        6⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        5⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19528.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14288.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        5⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
        5⤵
        
        PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7696.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
        5⤵
        
        PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        5⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7905.exe
        5⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe
        5⤵
        
        PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21101.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17183.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33240.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        6⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        6⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7905.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe
        6⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13369.exe
        5⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        5⤵
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        5⤵
        
        PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1553.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe
        5⤵
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30013.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32385.exe
        6⤵
        
        PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32331.exe
        5⤵
        
        PID:612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34050.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        5⤵
        
        PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
      4⤵
      PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60292.exe
      4⤵
      PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
      4⤵
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
      4⤵
      PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
      4⤵
      PID:4832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-467.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
        5⤵
        
        PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
      4⤵
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe
      4⤵
      PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
      4⤵
      PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38149.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61741.exe
    3⤵
    PID:832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
    3⤵
    PID:3560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43195.exe
    3⤵
    PID:4516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40182.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40182.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26359.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45238.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        6⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        5⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49379.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        5⤵
        
        PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33619.exe
        5⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        5⤵
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20366.exe
        5⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        5⤵
        
        PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62875.exe
      4⤵
      PID:692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
      4⤵
      PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2471.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
      4⤵
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
      4⤵
      PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26785.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26464.exe
        5⤵
        
        PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe
      4⤵
      PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
      4⤵
      PID:4824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33619.exe
      4⤵
      PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
      4⤵
      PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
      4⤵
      PID:3524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
    3⤵
    PID:1872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
    3⤵
    PID:3892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26413.exe
    3⤵
    PID:3076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
    3⤵
    PID:4940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36784.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36784.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36349.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
        5⤵
        
        PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28526.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
      4⤵
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20110.exe
      4⤵
      PID:4768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60557.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35123.exe
      4⤵
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10666.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19580.exe
      4⤵
      PID:2080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
    3⤵
    PID:2600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
    3⤵
    PID:3100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
    3⤵
    PID:3256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
    3⤵
    PID:4144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
    3⤵
    PID:4252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36753.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36753.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7323.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
      4⤵
      PID:4788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
    3⤵
    PID:4080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
    3⤵
    PID:3216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
    3⤵
    PID:5072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36767.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36767.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
    3⤵
    PID:2372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
    3⤵
    PID:3960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
    3⤵
    PID:4484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
  2⤵
  PID:2376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8343.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8343.exe
  2⤵
  PID:1720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
  2⤵
  PID:4072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
  2⤵
  PID:3528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe

Filesize
468KB

MD5
0f0172cf2c7b3b49839328e463294ffc

SHA1
2af51604192c94ed3041a6e79e7c971f77b5efba

SHA256
beb01e06fca9921dd98aee292180802db52d841c1978afdcdbd56ed1bba536fb

SHA512
a1ccabba68e64eb33d99b190bc19deeb13b094afe14ee12adb9ae1cf96bf56232ca24f151a6491eb1653ff5f06fd7c19f9710aa88902eb169d0b24901eaa0883

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40182.exe

Filesize
468KB

MD5
e19669f08ed293214c27ca5413b672fb

SHA1
d1f0d0f8acdddc4db5bd66d933a8d437098c14e7

SHA256
de9af6340ee9f588ef319846ac2f6a7aa3f1eeabdf0ec8f0896462f610cd559d

SHA512
9eeed4eeab7deef339d208e12b77c9465a3c504e218678bcac1a2719a51c17107a79c674b9f0542afa4b5b69d03ba6b34e6b0530e5839c88742c67cda637c095

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49379.exe

Filesize
468KB

MD5
978b68d5f069a69eb114e22236b88cab

SHA1
1ce1014f6a024ab385b7447e47d27bf77582ec2b

SHA256
692d97369ac0739eaa607ee12e6013e63f6d63f59e459bc4d96141672d431474

SHA512
297ed89aa3eddd8bdc05ce34cfe67ddcbe2cf42ec5dff6120676742609f79b639ca7349342cb33cf7b3b049734469b58f2338ce422a2268a5a747ac554e46c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52362.exe

Filesize
468KB

MD5
b43151868d672480c9c168305eb7b2ac

SHA1
0326213607ead57f94e72eec73c8352bfe7eed31

SHA256
9e8bbb4f5fb8f40469d6ab716f9c6d76f8fe5be041a40d6d2b815dfc5e037d96

SHA512
563e32e14943f524ec8344c090a6fe57b689d6f218a44a55cc65653390969f16c0d468700ee9fe5fbc0e5e4e2db99e4d42f2062c977fdb1e81ff6b189fd597ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56550.exe

Filesize
468KB

MD5
c1a9cb5a6689d56d69156553f1032dab

SHA1
671906b9895851f7ba6ff7c222e48d8def02a934

SHA256
4c4612f124f15593be4ddee20f749214351844725a00e0c242985a32b350c600

SHA512
b1b0bd37d945f866ff4b9fcf9167cf5745f26f6db0e085f7effaa4dfc3397a31a8c5e1bc96d7d09f570874c78d8da65eda76ab3990cfefe2758caa39d1deff90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61257.exe

Filesize
468KB

MD5
0cbaaab43fa1967c2ff50f2561e9dd06

SHA1
beaf48400ab29eedb66e4b2d2ad363cec4297e59

SHA256
361dd8c8cb8ef8319f845e798af33fbc7fed1304836c7ed35fc235238c952b05

SHA512
92ddafca03171aa9a46e090de71d26154b253d5652ca4c6fcd902da6011b1c4e3aaaeb8064897d50920506f86e0e9a5da0eda3693e8797a79a0292a391ef4436

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe

Filesize
468KB

MD5
1e8f9e5c4d1d143bcf98a30ffc888d63

SHA1
e4d934ea81202e6a1865ce41f35f8a51f35f4bce

SHA256
eebad40d2def44ba04f91f2bd577bc4151c22761a7f87f34485f168fdcca66be

SHA512
65dd619ecd2690b2d7b31c16b8ecf552ab18993dae853cd68cbdb244d5e9183d431ab5566abb4da26b8f5ab6d1ea350849562cb8b0a138ed80a861ea76af1851

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17183.exe

Filesize
468KB

MD5
62811a716bf8135a1588b4bbab0213b2

SHA1
7c7d30c2e43897b793b66aef1d84dae958e5cddc

SHA256
02c3f31f08aac433589a880ab7a9295bdd1076915c8ee6fbcc4d0461481ba49e

SHA512
105f2b729d82a9e4bf9f1b6034480bd9a036f7c08e20370d03c5b85da1ad6e025d3f08f4844240a0cda04fe54321e703ab16a5e1d47eec36fd2a961f383170bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2409.exe

Filesize
468KB

MD5
c57fd8708cbc6b66f47069661a355034

SHA1
efecf4bfd083a2a3b0c7b812a3cd7fceece71c70

SHA256
a05da2da795bc3bf6a30ca1062043adf1f472be05ac59b95379daef1521e4d4b

SHA512
389b8b6e8fd2ac729823649ca6e5a18f6c0eeb41fbb8c66affaa5d5cbdf207ae1ee5e08e1cf7b843cc43c74923c5f58396ac1768e8778ef2c7a37fe258c5d218

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25565.exe

Filesize
468KB

MD5
0e63e93a78a22b8ca68642b3c9fada55

SHA1
0a62de30345163ef2a714c0389db085b2adc7907

SHA256
de76ddab86b5dd51a71d7f101d832a8304607089d84ab7c9542d7fb9015a64e4

SHA512
f58814eb98033d666645549a296bd20df22eac255fbb30b41e53e52d94c1d164df2a83787f4afe11da0a5af62addd9778cadec84bfa6a2995c696358ee1b111a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26359.exe

Filesize
468KB

MD5
63b085cf57ecfa44378e911e998fae81

SHA1
224d2cf1a036897f94f322e2f01c3744512133ef

SHA256
73c913be330dc9a6f05a662705dce4d2f5f3e5087d719c0dabb46754ce95d5ff

SHA512
edd13c6ec0e50fd0bc00269e46ae68ad039cf0a054fe990ea58592d4f30c48c427c439ed21ba18fac45ea8faad379ff9d676f10a979f3cfda98a1d5692a14a26

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26753.exe

Filesize
468KB

MD5
a25c15c0e0ba78f49f735551e782698c

SHA1
ea7287dc75216de5c7ee769a03b9c04753478e88

SHA256
7c971f989fddff256d5d89c88a49c4a1b2d110c946756d81cc9d4d85071fea79

SHA512
1de3da2b96d9e32f711a8c657b65171b1d28a2dc6e58c489db7d17af7ebcfc87642983a866c8a6b0f21c91753740b22015673a124f94ba912ec15d8613e9be5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34287.exe

Filesize
468KB

MD5
c82191a838588a924c18833d134de6d0

SHA1
0d6a98ed85a20cb0525d6d8979917d4abd4d1a8e

SHA256
e25ed45db1c5252311a2e42d4510ef8c6204ef919a8096feecc1a02f039b3694

SHA512
7f72aa5b43e02f6e6010426e091102c00bb1ed350efd204a4105d0ef02085ba27235e75938bea1afcaa1601af02696458c5c4ff999a25c09703be231fa6a7ab0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe

Filesize
468KB

MD5
8ed39bc209aecf7ff073c6c08428caa3

SHA1
467e57136015bb7a6ab1f966dc0ee2c5b9fe74f3

SHA256
61c6854657f84256b076d7211fe21d1c3f22930968e94e7040542f3cfaa40e88

SHA512
add99d352447ddb2687f407cd901a51efaa1f99eec78a2d7aa74ce0d1c4c50c223ebebae583fd01b8d983ee7f5ae63814856ea14dcd89eb1abf9ea9d48ed969d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36784.exe

Filesize
468KB

MD5
0222785ef2bb05f5afba72560d02dee0

SHA1
06689a73bfef74a4a0af03516485a14aa2733bf2

SHA256
b45e148f1e39551c5eabb262fe9b2e750d90578a0910818d78f97bd94d98e428

SHA512
a895e32287783c50a601bc827cbd6b632b89e73355f29e9670e558335662c0377eddf986010f9e155a2f0b42beb53ff3c8ea08ac9e0dba36adc4380acfa02d67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49773.exe

Filesize
468KB

MD5
4de72654749512c70d6cfc8b9f3fd5bd

SHA1
5a4c5593cf0229ab363a4b7e278157fe11561924

SHA256
5e7b2e51d726326953ab9cbeff81427a888d0aba4feef156d852ac170b5dc039

SHA512
1c99728e4df1aa4b2a9a4252ce84cdd2242384c37a355920b9c695e0172293aef80d90fa94039258e06e5e48b96e9022380a5eeb1b84c679d34476baab1d2fb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe

Filesize
468KB

MD5
9b5cbbbcc0f67a66237d5b00e3da4da8

SHA1
c8221e837b7ed865ce87cbe3532883e2ae4aa8bc

SHA256
d5b4ad9625ade02ec8e9e2725a790584ebf1ea767f6dfde54789f4a769b10aa6

SHA512
f0d2d9d68155e673cd7bbade82ec0beab1e64023d255bd3d9f8b9a57041a674d1f56d84cf4791e8abaf39095915dcc44ab1ccb3f3bce7b2750746379132d5d7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe

Filesize
468KB

MD5
b1cde318011416eebb0cf5a9c4668416

SHA1
8e61c33179cc383522e4ed450dc9f66240005830

SHA256
d4ad34f4955b3f8b547e2d16f4a6d9742ba5cc876c90854d00f08862d8fba9ac

SHA512
fc1e42ec15833d159d150c5ae1eb8518ac483844b8716ec15d86c7e26dc33822552074a8bbea733514129381eac3bb070d94de2fcb6ff186b1f699cf47ad607c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe

Filesize
468KB

MD5
99d15ea772adcbfb558f7064afc97a85

SHA1
8b7e9f351c4c78b7d94b1bb3e27f301bea350f78

SHA256
e8c5a6cce463bf7b98f589b05aede21abc1bb161837874ccf96a2bc8f668344a

SHA512
d19d6888e73ff49721ba837b92c8ef2fc59d0db18f822724d080dc56557e99ac08e7677806424876a3039d4594735b3673e4cdd9518294240e3423b058a1c45a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe

Filesize
468KB

MD5
f9780f5b1f2433f89ee2c41a6319926f

SHA1
47c4cba10e690e0dceede4d57d9b156384367c23

SHA256
bfc80ffb41a095b7d62487984fff0e901e521c05b94a63a0af13d8976ee0536d

SHA512
db811d7fdfcbd4ed35c0650aa777bec48c2fdf170715906eac3d211262ff9363716d362133c2c30c25368c6013a98d1e8d39046c2607cd235740fff24c13fc05

Download Submit