1aa6eb7cefdb2dff35845865d82ce950a3b92ffd103630d41ebb677cfad682e2

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 10:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

195d6cf54e061c06c3d517b43e514780N.exe
Size

468KB
MD5

195d6cf54e061c06c3d517b43e514780
SHA1

a3cbdbed364861046fa564cf05a02fbd16e9f88c
SHA256

1aa6eb7cefdb2dff35845865d82ce950a3b92ffd103630d41ebb677cfad682e2
SHA512

057c242d01f610d1af9cba4c6b409ac0159c423a95819b2e6029a332f470e1fdf92a8724de8f37efa0b6386354958ed330e224acbff852809060d49d28fe9b7e
SSDEEP

3072:yu0VogkEIY5AtbY4zfjjff8w0COiPppT/EHTYV/gDWhLxAlcJRln:yueotYAtHzrjfflfC/DW9ClcJ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2540	Unicorn-24106.exe
2296	Unicorn-65112.exe
2736	Unicorn-4214.exe
2816	Unicorn-55813.exe
3028	Unicorn-48200.exe
2760	Unicorn-12734.exe
2984	Unicorn-2528.exe
2660	Unicorn-3846.exe
2576	Unicorn-7930.exe
2944	Unicorn-40146.exe
1184	Unicorn-40411.exe
1444	Unicorn-20545.exe
2644	Unicorn-22028.exe
2888	Unicorn-56747.exe
2016	Unicorn-13337.exe
2080	Unicorn-16504.exe
1696	Unicorn-24650.exe
1360	Unicorn-26317.exe
3060	Unicorn-56943.exe
1272	Unicorn-13872.exe
1164	Unicorn-15910.exe
1052	Unicorn-22041.exe
1684	Unicorn-62881.exe
900	Unicorn-43015.exe
1528	Unicorn-25933.exe
684	Unicorn-29752.exe
612	Unicorn-23747.exe
1748	Unicorn-34682.exe
2348	Unicorn-43613.exe
3068	Unicorn-43613.exe
3064	Unicorn-7219.exe
1936	Unicorn-15963.exe
2232	Unicorn-12393.exe
756	Unicorn-21522.exe
2848	Unicorn-19475.exe
2448	Unicorn-61978.exe
2832	Unicorn-50613.exe
2800	Unicorn-13929.exe
2992	Unicorn-18376.exe
2844	Unicorn-62746.exe
2880	Unicorn-23337.exe
2796	Unicorn-43203.exe
1876	Unicorn-19034.exe
3008	Unicorn-10103.exe
2300	Unicorn-28271.exe
2240	Unicorn-15561.exe
2028	Unicorn-15827.exe
2932	Unicorn-28079.exe
2784	Unicorn-59790.exe
2900	Unicorn-52946.exe
576	Unicorn-20081.exe
2036	Unicorn-24955.exe
2176	Unicorn-29593.exe
2472	Unicorn-53159.exe
2492	Unicorn-53159.exe
936	Unicorn-18248.exe
2364	Unicorn-18248.exe
2264	Unicorn-13470.exe
2064	Unicorn-13470.exe
2440	Unicorn-54866.exe
2192	Unicorn-18048.exe
1156	Unicorn-18048.exe
2236	Unicorn-31652.exe
1700	Unicorn-28114.exe

Loads dropped DLL 64 IoCs

pid	Process
1960	195d6cf54e061c06c3d517b43e514780N.exe
1960	195d6cf54e061c06c3d517b43e514780N.exe
2540	Unicorn-24106.exe
2540	Unicorn-24106.exe
1960	195d6cf54e061c06c3d517b43e514780N.exe
1960	195d6cf54e061c06c3d517b43e514780N.exe
2296	Unicorn-65112.exe
2296	Unicorn-65112.exe
2540	Unicorn-24106.exe
2540	Unicorn-24106.exe
2736	Unicorn-4214.exe
2736	Unicorn-4214.exe
1960	195d6cf54e061c06c3d517b43e514780N.exe
1960	195d6cf54e061c06c3d517b43e514780N.exe
2760	Unicorn-12734.exe
2760	Unicorn-12734.exe
2816	Unicorn-55813.exe
2816	Unicorn-55813.exe
1960	195d6cf54e061c06c3d517b43e514780N.exe
1960	195d6cf54e061c06c3d517b43e514780N.exe
3028	Unicorn-48200.exe
2296	Unicorn-65112.exe
3028	Unicorn-48200.exe
2296	Unicorn-65112.exe
2540	Unicorn-24106.exe
2984	Unicorn-2528.exe
2984	Unicorn-2528.exe
2540	Unicorn-24106.exe
2736	Unicorn-4214.exe
2736	Unicorn-4214.exe
2576	Unicorn-7930.exe
2576	Unicorn-7930.exe
2816	Unicorn-55813.exe
2816	Unicorn-55813.exe
2016	Unicorn-13337.exe
2016	Unicorn-13337.exe
2736	Unicorn-4214.exe
2736	Unicorn-4214.exe
1444	Unicorn-20545.exe
1444	Unicorn-20545.exe
2296	Unicorn-65112.exe
2296	Unicorn-65112.exe
1184	Unicorn-40411.exe
1184	Unicorn-40411.exe
2644	Unicorn-22028.exe
3028	Unicorn-48200.exe
2644	Unicorn-22028.exe
3028	Unicorn-48200.exe
2660	Unicorn-3846.exe
2660	Unicorn-3846.exe
2540	Unicorn-24106.exe
2540	Unicorn-24106.exe
1960	195d6cf54e061c06c3d517b43e514780N.exe
1960	195d6cf54e061c06c3d517b43e514780N.exe
2760	Unicorn-12734.exe
2760	Unicorn-12734.exe
2888	Unicorn-56747.exe
2944	Unicorn-40146.exe
2888	Unicorn-56747.exe
2944	Unicorn-40146.exe
2984	Unicorn-2528.exe
2984	Unicorn-2528.exe
2576	Unicorn-7930.exe
2080	Unicorn-16504.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4004	1908	WerFault.exe	190

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	195d6cf54e061c06c3d517b43e514780N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56983.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1960	195d6cf54e061c06c3d517b43e514780N.exe
2540	Unicorn-24106.exe
2296	Unicorn-65112.exe
2736	Unicorn-4214.exe
2760	Unicorn-12734.exe
2816	Unicorn-55813.exe
3028	Unicorn-48200.exe
2984	Unicorn-2528.exe
2660	Unicorn-3846.exe
2576	Unicorn-7930.exe
1184	Unicorn-40411.exe
2944	Unicorn-40146.exe
2888	Unicorn-56747.exe
1444	Unicorn-20545.exe
2016	Unicorn-13337.exe
2644	Unicorn-22028.exe
2080	Unicorn-16504.exe
1696	Unicorn-24650.exe
3060	Unicorn-56943.exe
1360	Unicorn-26317.exe
1272	Unicorn-13872.exe
1052	Unicorn-22041.exe
1164	Unicorn-15910.exe
1684	Unicorn-62881.exe
1748	Unicorn-34682.exe
3068	Unicorn-43613.exe
612	Unicorn-23747.exe
2348	Unicorn-43613.exe
900	Unicorn-43015.exe
684	Unicorn-29752.exe
3064	Unicorn-7219.exe
1528	Unicorn-25933.exe
2232	Unicorn-12393.exe
1936	Unicorn-15963.exe
756	Unicorn-21522.exe
2848	Unicorn-19475.exe
2448	Unicorn-61978.exe
2832	Unicorn-50613.exe
2800	Unicorn-13929.exe
2844	Unicorn-62746.exe
2300	Unicorn-28271.exe
1876	Unicorn-19034.exe
2992	Unicorn-18376.exe
2796	Unicorn-43203.exe
3008	Unicorn-10103.exe
2880	Unicorn-23337.exe
2932	Unicorn-28079.exe
2784	Unicorn-59790.exe
2240	Unicorn-15561.exe
2028	Unicorn-15827.exe
2900	Unicorn-52946.exe
576	Unicorn-20081.exe
2036	Unicorn-24955.exe
2176	Unicorn-29593.exe
936	Unicorn-18248.exe
2492	Unicorn-53159.exe
2364	Unicorn-18248.exe
2064	Unicorn-13470.exe
2472	Unicorn-53159.exe
2264	Unicorn-13470.exe
2440	Unicorn-54866.exe
2236	Unicorn-31652.exe
2192	Unicorn-18048.exe
1700	Unicorn-28114.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2540	1960	195d6cf54e061c06c3d517b43e514780N.exe	31
PID 1960 wrote to memory of 2540	1960	195d6cf54e061c06c3d517b43e514780N.exe	31
PID 1960 wrote to memory of 2540	1960	195d6cf54e061c06c3d517b43e514780N.exe	31
PID 1960 wrote to memory of 2540	1960	195d6cf54e061c06c3d517b43e514780N.exe	31
PID 2540 wrote to memory of 2296	2540	Unicorn-24106.exe	32
PID 2540 wrote to memory of 2296	2540	Unicorn-24106.exe	32
PID 2540 wrote to memory of 2296	2540	Unicorn-24106.exe	32
PID 2540 wrote to memory of 2296	2540	Unicorn-24106.exe	32
PID 1960 wrote to memory of 2736	1960	195d6cf54e061c06c3d517b43e514780N.exe	33
PID 1960 wrote to memory of 2736	1960	195d6cf54e061c06c3d517b43e514780N.exe	33
PID 1960 wrote to memory of 2736	1960	195d6cf54e061c06c3d517b43e514780N.exe	33
PID 1960 wrote to memory of 2736	1960	195d6cf54e061c06c3d517b43e514780N.exe	33
PID 2296 wrote to memory of 2816	2296	Unicorn-65112.exe	34
PID 2296 wrote to memory of 2816	2296	Unicorn-65112.exe	34
PID 2296 wrote to memory of 2816	2296	Unicorn-65112.exe	34
PID 2296 wrote to memory of 2816	2296	Unicorn-65112.exe	34
PID 2540 wrote to memory of 3028	2540	Unicorn-24106.exe	35
PID 2540 wrote to memory of 3028	2540	Unicorn-24106.exe	35
PID 2540 wrote to memory of 3028	2540	Unicorn-24106.exe	35
PID 2540 wrote to memory of 3028	2540	Unicorn-24106.exe	35
PID 2736 wrote to memory of 2984	2736	Unicorn-4214.exe	36
PID 2736 wrote to memory of 2984	2736	Unicorn-4214.exe	36
PID 2736 wrote to memory of 2984	2736	Unicorn-4214.exe	36
PID 2736 wrote to memory of 2984	2736	Unicorn-4214.exe	36
PID 1960 wrote to memory of 2760	1960	195d6cf54e061c06c3d517b43e514780N.exe	37
PID 1960 wrote to memory of 2760	1960	195d6cf54e061c06c3d517b43e514780N.exe	37
PID 1960 wrote to memory of 2760	1960	195d6cf54e061c06c3d517b43e514780N.exe	37
PID 1960 wrote to memory of 2760	1960	195d6cf54e061c06c3d517b43e514780N.exe	37
PID 2760 wrote to memory of 2660	2760	Unicorn-12734.exe	38
PID 2760 wrote to memory of 2660	2760	Unicorn-12734.exe	38
PID 2760 wrote to memory of 2660	2760	Unicorn-12734.exe	38
PID 2760 wrote to memory of 2660	2760	Unicorn-12734.exe	38
PID 2816 wrote to memory of 2576	2816	Unicorn-55813.exe	39
PID 2816 wrote to memory of 2576	2816	Unicorn-55813.exe	39
PID 2816 wrote to memory of 2576	2816	Unicorn-55813.exe	39
PID 2816 wrote to memory of 2576	2816	Unicorn-55813.exe	39
PID 1960 wrote to memory of 2944	1960	195d6cf54e061c06c3d517b43e514780N.exe	40
PID 1960 wrote to memory of 2944	1960	195d6cf54e061c06c3d517b43e514780N.exe	40
PID 1960 wrote to memory of 2944	1960	195d6cf54e061c06c3d517b43e514780N.exe	40
PID 1960 wrote to memory of 2944	1960	195d6cf54e061c06c3d517b43e514780N.exe	40
PID 3028 wrote to memory of 1184	3028	Unicorn-48200.exe	41
PID 3028 wrote to memory of 1184	3028	Unicorn-48200.exe	41
PID 3028 wrote to memory of 1184	3028	Unicorn-48200.exe	41
PID 3028 wrote to memory of 1184	3028	Unicorn-48200.exe	41
PID 2296 wrote to memory of 1444	2296	Unicorn-65112.exe	42
PID 2296 wrote to memory of 1444	2296	Unicorn-65112.exe	42
PID 2296 wrote to memory of 1444	2296	Unicorn-65112.exe	42
PID 2296 wrote to memory of 1444	2296	Unicorn-65112.exe	42
PID 2984 wrote to memory of 2888	2984	Unicorn-2528.exe	44
PID 2984 wrote to memory of 2888	2984	Unicorn-2528.exe	44
PID 2984 wrote to memory of 2888	2984	Unicorn-2528.exe	44
PID 2984 wrote to memory of 2888	2984	Unicorn-2528.exe	44
PID 2540 wrote to memory of 2644	2540	Unicorn-24106.exe	43
PID 2540 wrote to memory of 2644	2540	Unicorn-24106.exe	43
PID 2540 wrote to memory of 2644	2540	Unicorn-24106.exe	43
PID 2540 wrote to memory of 2644	2540	Unicorn-24106.exe	43
PID 2736 wrote to memory of 2016	2736	Unicorn-4214.exe	45
PID 2736 wrote to memory of 2016	2736	Unicorn-4214.exe	45
PID 2736 wrote to memory of 2016	2736	Unicorn-4214.exe	45
PID 2736 wrote to memory of 2016	2736	Unicorn-4214.exe	45
PID 2576 wrote to memory of 2080	2576	Unicorn-7930.exe	46
PID 2576 wrote to memory of 2080	2576	Unicorn-7930.exe	46
PID 2576 wrote to memory of 2080	2576	Unicorn-7930.exe	46
PID 2576 wrote to memory of 2080	2576	Unicorn-7930.exe	46

C:\Users\Admin\AppData\Local\Temp\195d6cf54e061c06c3d517b43e514780N.exe
"C:\Users\Admin\AppData\Local\Temp\195d6cf54e061c06c3d517b43e514780N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24955.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
        9⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22278.exe
        9⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30738.exe
        9⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18386.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55634.exe
        8⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
        7⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15963.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
        8⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56983.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
        8⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
        7⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        7⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        7⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
        6⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12745.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
        6⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56164.exe
        6⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24650.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        7⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50478.exe
        7⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        7⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        6⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        6⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25680.exe
        6⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        6⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19475.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        7⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        7⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        6⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9445.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        6⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        5⤵
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        5⤵
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15827.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        7⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63092.exe
        7⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        6⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26853.exe
        6⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
        6⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37803.exe
        6⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64196.exe
        6⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe
        6⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        6⤵
        
        PID:464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe
        5⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        5⤵
        
        PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        5⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        5⤵
        
        PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61978.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        6⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56983.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        6⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43355.exe
        5⤵
        
        PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56164.exe
        5⤵
        
        PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39615.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63092.exe
        6⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        5⤵
        
        PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51110.exe
      4⤵
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52614.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        5⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44600.exe
      4⤵
      PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
      4⤵
      PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
      4⤵
      PID:4980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48200.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        7⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        7⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
        6⤵
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33942.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
        6⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        6⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
        5⤵
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9969.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60289.exe
        5⤵
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        5⤵
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9445.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        5⤵
        
        PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
      4⤵
      PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34763.exe
      4⤵
      PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
      4⤵
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5743.exe
      4⤵
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47804.exe
      4⤵
      PID:4424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13929.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3626.exe
        6⤵
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9402.exe
        6⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        6⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        6⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26630.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55634.exe
        5⤵
        
        PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        5⤵
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        5⤵
        
        PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
      4⤵
      PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12745.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60180.exe
      4⤵
      PID:1492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43203.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        5⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50179.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20245.exe
        6⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1052.exe
        5⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        5⤵
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        5⤵
        
        PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
      4⤵
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
        5⤵
        
        PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
      4⤵
      PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
      4⤵
      PID:5008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16258.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21278.exe
      4⤵
      PID:5020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
    3⤵
    PID:1540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13275.exe
    3⤵
    PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
    3⤵
    PID:4280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56747.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30446.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        7⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20714.exe
        6⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
        7⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        6⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        6⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51006.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        6⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14578.exe
        6⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12745.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56164.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
        6⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54550.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        6⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        5⤵
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11026.exe
        5⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        5⤵
        
        PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
      4⤵
      PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34488.exe
      4⤵
      PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
      4⤵
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56164.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26317.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        6⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18726.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55634.exe
        6⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        5⤵
        
        PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27363.exe
        5⤵
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51566.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55939.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18300.exe
      4⤵
      PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35863.exe
      4⤵
      PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
      4⤵
      PID:4364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15494.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51758.exe
        5⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56791.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57558.exe
        5⤵
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
      4⤵
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
      4⤵
      PID:1908
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 188
        5⤵
        Program crash
        
        PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe
      4⤵
      PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
      4⤵
      PID:4232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29034.exe
      4⤵
      PID:368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
      4⤵
      PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39112.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
      4⤵
      PID:4712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11743.exe
    3⤵
    PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
    3⤵
    PID:952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-478.exe
    3⤵
    PID:3128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
    3⤵
    PID:3716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
    3⤵
    PID:4944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3846.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58551.exe
        6⤵
        
        PID:456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        6⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64299.exe
        6⤵
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        5⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64000.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51550.exe
        5⤵
        
        PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54866.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        5⤵
        
        PID:308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43355.exe
      4⤵
      PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1851.exe
      4⤵
      PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60180.exe
      4⤵
      PID:4864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23747.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28650.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        5⤵
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        5⤵
        
        PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59329.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
      4⤵
      PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26362.exe
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51351.exe
      4⤵
      PID:4472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
      4⤵
      PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
      4⤵
      PID:4796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42142.exe
    3⤵
    PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
    3⤵
    PID:4076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
    3⤵
    PID:928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27384.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52121.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
      4⤵
      PID:708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
      4⤵
      PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
      4⤵
      PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
    3⤵
    PID:2924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
    3⤵
    PID:4268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
    3⤵
    PID:4956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
      4⤵
      PID:1276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
      4⤵
      PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
      4⤵
      PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
    3⤵
    PID:2012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
    3⤵
    PID:2136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
    3⤵
    PID:4000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
    3⤵
    PID:4248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
    3⤵
    PID:4888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
    3⤵
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
      4⤵
      PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26625.exe
    3⤵
    PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
    3⤵
    PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64000.exe
    3⤵
    PID:3160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55634.exe
    3⤵
    PID:5080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29741.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29741.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1706.exe
    3⤵
    PID:1524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
    3⤵
    PID:3244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63092.exe
    3⤵
    PID:4496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
  2⤵
  PID:1148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
  2⤵
  PID:3024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
  2⤵
  PID:1520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62939.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62939.exe
  2⤵
  PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe

Filesize
468KB

MD5
091639177690ec68576ae97922015b1c

SHA1
693fc77359c9cf1f776fd9b88c8754729c98982b

SHA256
b9237e2c371790d192267e4aafe1c8fc8678e9e36793a6f7deb3b2093ca4d5e6

SHA512
0f5aa8a2939906e3f6a66d26ce5bffc0daecbfa5b7324179b1d8e6b15fe1967fc426d22751d74e669eb3326200dc2fb2904a594e702358c68514b08cefbc6af9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe

Filesize
468KB

MD5
5fe892b4efc93b409e96e564a02842d2

SHA1
054aaf26458ffcde696c71a9fc8e00db96ab3eae

SHA256
1cca482cbc29610cbf0c50d47112fdfb5ba333dd84a31baeccd0739fe7ff8b53

SHA512
be3ffa164e233ec4905ba88f7b5b72382001ccccebcd0f67a1464d9e543d640f984986871b1b28ac1768e0fc2fb921b1067f6b644e591e91490ca3a171961c7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe

Filesize
468KB

MD5
1569326cb2c0f03ac99a30a2cbd2b664

SHA1
6c6402fccf9889a669f151b11b611f828ed6f972

SHA256
11281b4aedd23bd48d8216b5b0b09ef0fe030f3bf430c15f3eef2aa2f5c2709f

SHA512
f47b56da844a5b37ed4f34104902a19c7542cd61a1ee0ce3aa1a65b318f3580ebd58d732f79d107fc0b6bb59f8e2db11525358647f938e3439092cba62161a91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe

Filesize
468KB

MD5
8cf7cc6683b1263420e14e2f04e9a659

SHA1
98f9fddc5b9fbe8c62629b826173f08592f7121c

SHA256
0d35b90dd26d36d50eda9a13ca1284d5a4291c87a81e42f5b5ea0109c4bc5615

SHA512
974e7d5b69b29c5626db8d3b5a1fcd87851b5de34b4446e7786215450d4b8f5bf874854fac8cb0c99d00a64057bf33b5db4a28bef5c96a0eacc3344e82be6fb4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe

Filesize
468KB

MD5
41cf484d492395024c5008d0590520d1

SHA1
69765e764ff1eafbfed1b6bb26a38197f1a7c0e1

SHA256
829721c5d0885e33dfba2a5688ff57ca59c0343cafcf09817dccfdabbf553cf0

SHA512
031acb42ef2883a5b33ae15e6669c8ed21337eb2ff16a93bba0027db47f7fc355d68313d275aa68d2714b4ca1d0f1b013e6d6eca89b16155c5dd94705e4fd8c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe

Filesize
468KB

MD5
d518c4d5f0d7ead4dc5951dc9327d051

SHA1
b2657ddfab4693577fe1ce3e3d1d6200ffdca0ef

SHA256
648d2a3e744ecd5d4c9a5802b17723f90a903c0d4174479bee388e88d0b97429

SHA512
3a0351bbfdc39f61659eca7b41ce7bf3cff69018ca02394fed0735cd390895c9ca0b0f99fccc1a909c92a6fdecefe0661baafa7ae418f9378aad0dc02e4d49b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe

Filesize
468KB

MD5
52d40e55f277d4cd709bd236a1d2f718

SHA1
5e271bba98dc554fa240cd2cc0e40ef072107f12

SHA256
f48e59f89799abe5957e744d84dadc148cc4fad02ca5dae445337ece7b486b4f

SHA512
25e70eeac7824c6f9a31f0191ae486f9df8253691f4794c520b0ef43d76db3aa4b12ef17affec4b34cc24dcbf1dcbd130b0b6c205be92a7e5594c5b9540f05e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe

Filesize
468KB

MD5
1ecffe4ea6a91c9722a7b83dc80192c1

SHA1
73b56380333c0168733bc332dd6e8653cd412424

SHA256
64b14a66951456114e3056b06393655d79515d5d38f2d4cf12e6c17d2a96279a

SHA512
d135c7a4eff16dc0961adf75c137b2ac40f47735cc0c2faf302aa939113ffc7f6bea765c0fefd4c81e1072c33265f35dc3db9a67a3a4b644d7d63b03e4a7db09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe

Filesize
468KB

MD5
d9dd0f5d8dc32f8f8786249a3e72fa9f

SHA1
19f9bc241ec14e36dee0cc5e86ba7ef8cf08f806

SHA256
01d31b693f51ce34c4c2b18f8f4b331893e3254aa2da38984156a56e143dd91e

SHA512
d43f096098bd1ddfe9f6ef3f78abf9fc15200219ac4c3bcb3d245a1e33bf7763111a8a3af7187aec8c244a273785609746a348d2cf5badf560b30040ab69707a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24650.exe

Filesize
468KB

MD5
237996b88618224ff0cc99c5de92788c

SHA1
9633b8b7572bdce4aaf998ebe76ee8a7625010fc

SHA256
dfb41ea856054df8673db58dc995effe444cf3b3decb5343905b9ca8dad26f30

SHA512
65f222c66e720671a442776cd552bb6d93a6fa1cc6b52e2284d3a3a9fd3f7adf49c28a6037f6e9c7e1c5eb69503b905e43ed4ab8a659062cd7542b69ab84da17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26317.exe

Filesize
468KB

MD5
1e58acc723c9b54eeb5fb1222250798f

SHA1
8bf097ccbc705ed512ae3de8562732a032c22f0e

SHA256
29e61bba5970acf17bffaed69e89b629d8e90a8fa9071db8bd2a79e3d2c8eedb

SHA512
91a437fe4abc56578ea5fc07d1f156087979e4fa3fabb76831d89be69895a693f659c6158a28fa1ebbe9e373b27bcb1063d27e61b8ff0d6b66e49be274ca385c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3846.exe

Filesize
468KB

MD5
dab1572f3e0818159cb2f7072f043ef8

SHA1
2742c71a455d4f73b91edece47c56a5268952fba

SHA256
4c58971af5f2759af7b8aed358f760096f709ae7606be523318993c411fce32b

SHA512
5ff0b09f59554eb28a4c1b418fedcbf47f481d40fbc5925c0c09b96bde046239563c5578d15cc58048aa7a2fb77956281959d83473d33e33c12920f0eb5397bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe

Filesize
468KB

MD5
4dc17078982b4705f35d357b925883ff

SHA1
061fe4faeb9cf890542236e166bc1be1edb9dfa3

SHA256
1145dd552304e2438179bb8819c7079197cf9706771d31a575aa06e3fff27890

SHA512
427abe1ecf61af537d8eec483efaf32a426cd13e1e43b27afaa6a696bff6adfd585eae49af3977d067a0e65959f5697f53b59763a3df490e9111d5bad86b420a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe

Filesize
468KB

MD5
d9f2bec46db2c23efaa36e4d2cfaf9d6

SHA1
ba0be2b39268520f9fe63f3d13d155df7c1b2acb

SHA256
1cce765f438ba309473ba7e8dc848e349d17b114e4fe9cbdc9f4199594b100a1

SHA512
352e80a9574d25852a26117083082631666fec56b4c99649c818ab652c6119c6c1457719d5cfa3110576211da042041d31200750226ffb7239f6adfb3e8fbe20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe

Filesize
468KB

MD5
c310704fc12d94f740608effc00141f0

SHA1
826d9020c25618914b0ceb5856a1868074aa5a3d

SHA256
75d9ec1441144152a8fa0a9dab4ed76c95b2e144d7d5c367ddc67975a3bddc91

SHA512
68b82fa802bc26e9345c9e488a3310be1552ca5ed3574da292947fc455341612b1adc61b90b5f8247517c1123d8619e400a4deddb4640da79c89a75123521e1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48200.exe

Filesize
468KB

MD5
977b7b72a9be5010d6ecb37d6117bd13

SHA1
d40db9ab4b98f17750fbe3d21bd002b95817e99a

SHA256
5b492d477fb6e525d9c6bb7e36fc5ab74ace9360fa206cb550b84f776797f45a

SHA512
0ffb910713e347b143bfeaa7a21a40635d4631ef981417df664baf5749225819e4ed692d676f8e4a0a95a08dfa6154a613e92e0eabe54a8719b2418d76b4cb9d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe

Filesize
468KB

MD5
1e54f594fb52995f30cbb8b9707572a5

SHA1
35880b4f2fde7a32fdfd4e1a5d8f35fe8f56c3e0

SHA256
0e41c1709678c0287ef7bf4eea5505985f4612327daaa38b82dda408d543e6e4

SHA512
d19d418f75443bddbb8b2d9d59d4c77bd994d63f15b8a2f28c7c348b4dc6bc011699cf1aae0034f8b70a431b2d230470979c3c31e4f93d28e72997ee1fc2cf0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56747.exe

Filesize
468KB

MD5
c3b64b114baa837b5ef9b378780989b4

SHA1
4629f114c3fdbcd4c9c4325a0a71c167a38d0f3b

SHA256
8a6d9a8aee04f09702c64799bfe1758429bb0245f2e74a02db21b0d96b9f8f0d

SHA512
25320d9047191fad2571d5a8261f31055b54c7eec43fc7e010e018736bdcd9f93676465b8301aea068273a17754ce6e11644c5ff4b9068f57e46a88d206a753b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe

Filesize
468KB

MD5
c4c94069469af737208ae50e7048f08c

SHA1
2682ec9320a88d0492509c16140bdfd8243b3a85

SHA256
31794e1a57afd71b29839f3e065c3a5c6190383dd5f47b9e95666d5beebc5c27

SHA512
d9825c25bd5f9f430de4ec7e47cbc8165f8df49be6382164e838a9e0af444a9a1a06b2568e7b1505b5d541eab18984126d54d0a3e4c532c18fd69f523ca9abb9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe

Filesize
468KB

MD5
bce2f4db6bdb33100eeb52a62c943966

SHA1
a0d5ba2518faf51848b9567aecfec7d95031546b

SHA256
0466c2bbc2576328c128d363f797563021f06726673988304b6a87f673ca4de7

SHA512
b9d70cc92153020615b4c5a2a82de951e44124b1211e3d86e331f34fbfe3c01df02086cd58eec9985d9c37a6205061bd576c1ea74093c4cb53f9b11f6fb0511c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe

Filesize
468KB

MD5
c3aedbb2a491683f4e9f706b59723307

SHA1
3e9617b3b7930061545c7bae3d2ba93174f8f31a

SHA256
98d41e753ee8fb91fe1581b01a4322b16d338ee15f995a817edf0d80b43db67f

SHA512
5172335c2086a5d961ea03db277adf4c52060780e47509ece3182606a6257a5e7848eb8c315b35d8f12e161ee7b456ab32ce46b8769db04781524ab9837c2844

Download Submit