4eebb42d389dd095ec9c59ef453fabb6e54b61ee75294c18645d11c4ce04687a

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a45a86ce7cbdd63eafa7be610cebef40N.exe
Size

468KB
MD5

a45a86ce7cbdd63eafa7be610cebef40
SHA1

76eab1fd4d5a4e5985d4049796549261ef68fd39
SHA256

4eebb42d389dd095ec9c59ef453fabb6e54b61ee75294c18645d11c4ce04687a
SHA512

e775c280830722fad7f17219bfaa809d5e362e464c6bd54b8420ce13af2b5881b822d20dc84e06511c6b3d54cbb9eb3a5b1dc1ea93104b7b80c75e4406a49698
SSDEEP

3072:1G3HogIKI05TtbY2HzcOcf8/zChaP0ptnLHeTVPFwq5LVC2s/2lp:1G3oD8TtxH4OcfuYgLwqVc2s/

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2272	Unicorn-27512.exe
2116	Unicorn-26609.exe
2780	Unicorn-14911.exe
2836	Unicorn-18571.exe
1824	Unicorn-2042.exe
2748	Unicorn-53281.exe
1688	Unicorn-47714.exe
3052	Unicorn-50340.exe
2552	Unicorn-1694.exe
1064	Unicorn-5031.exe
2524	Unicorn-56323.exe
2432	Unicorn-35156.exe
1324	Unicorn-59660.exe
2928	Unicorn-12305.exe
592	Unicorn-5918.exe
1980	Unicorn-37185.exe
2520	Unicorn-10459.exe
2656	Unicorn-2613.exe
2164	Unicorn-61444.exe
3012	Unicorn-36054.exe
1120	Unicorn-36054.exe
844	Unicorn-62596.exe
3020	Unicorn-32332.exe
1728	Unicorn-7081.exe
776	Unicorn-32140.exe
1268	Unicorn-52006.exe
872	Unicorn-22961.exe
2860	Unicorn-49266.exe
2012	Unicorn-8788.exe
636	Unicorn-32738.exe
2300	Unicorn-23615.exe
2664	Unicorn-20979.exe
1496	Unicorn-10625.exe
1652	Unicorn-26215.exe
1708	Unicorn-32144.exe
904	Unicorn-38275.exe
2364	Unicorn-44258.exe
2708	Unicorn-23091.exe
2732	Unicorn-39162.exe
2768	Unicorn-39235.exe
2596	Unicorn-19177.exe
2692	Unicorn-39043.exe
2700	Unicorn-36857.exe
2936	Unicorn-15498.exe
948	Unicorn-60538.exe
952	Unicorn-30473.exe
1400	Unicorn-65192.exe
1680	Unicorn-54839.exe
944	Unicorn-4891.exe
2396	Unicorn-4891.exe
2560	Unicorn-62623.exe
2916	Unicorn-39270.exe
2900	Unicorn-29586.exe
2948	Unicorn-50776.exe
2624	Unicorn-41247.exe
2996	Unicorn-11736.exe
2392	Unicorn-11736.exe
2060	Unicorn-11736.exe
2132	Unicorn-28627.exe
908	Unicorn-42363.exe
2120	Unicorn-39563.exe
1332	Unicorn-49436.exe
1528	Unicorn-55301.exe
1712	Unicorn-49436.exe

Loads dropped DLL 64 IoCs

pid	Process
2960	a45a86ce7cbdd63eafa7be610cebef40N.exe
2960	a45a86ce7cbdd63eafa7be610cebef40N.exe
2272	Unicorn-27512.exe
2272	Unicorn-27512.exe
2960	a45a86ce7cbdd63eafa7be610cebef40N.exe
2960	a45a86ce7cbdd63eafa7be610cebef40N.exe
2116	Unicorn-26609.exe
2116	Unicorn-26609.exe
2780	Unicorn-14911.exe
2780	Unicorn-14911.exe
2272	Unicorn-27512.exe
2960	a45a86ce7cbdd63eafa7be610cebef40N.exe
2272	Unicorn-27512.exe
2960	a45a86ce7cbdd63eafa7be610cebef40N.exe
2836	Unicorn-18571.exe
2836	Unicorn-18571.exe
2116	Unicorn-26609.exe
2116	Unicorn-26609.exe
1824	Unicorn-2042.exe
1824	Unicorn-2042.exe
2780	Unicorn-14911.exe
2780	Unicorn-14911.exe
2748	Unicorn-53281.exe
2748	Unicorn-53281.exe
1688	Unicorn-47714.exe
2960	a45a86ce7cbdd63eafa7be610cebef40N.exe
2272	Unicorn-27512.exe
1688	Unicorn-47714.exe
2272	Unicorn-27512.exe
2960	a45a86ce7cbdd63eafa7be610cebef40N.exe
3052	Unicorn-50340.exe
3052	Unicorn-50340.exe
2836	Unicorn-18571.exe
2836	Unicorn-18571.exe
2552	Unicorn-1694.exe
2552	Unicorn-1694.exe
2116	Unicorn-26609.exe
2116	Unicorn-26609.exe
2524	Unicorn-56323.exe
1064	Unicorn-5031.exe
1064	Unicorn-5031.exe
2524	Unicorn-56323.exe
2780	Unicorn-14911.exe
2780	Unicorn-14911.exe
1824	Unicorn-2042.exe
1824	Unicorn-2042.exe
2432	Unicorn-35156.exe
2432	Unicorn-35156.exe
2748	Unicorn-53281.exe
2928	Unicorn-12305.exe
2748	Unicorn-53281.exe
2928	Unicorn-12305.exe
2272	Unicorn-27512.exe
2272	Unicorn-27512.exe
1324	Unicorn-59660.exe
1324	Unicorn-59660.exe
1688	Unicorn-47714.exe
1688	Unicorn-47714.exe
592	Unicorn-5918.exe
592	Unicorn-5918.exe
2960	a45a86ce7cbdd63eafa7be610cebef40N.exe
2960	a45a86ce7cbdd63eafa7be610cebef40N.exe
1980	Unicorn-37185.exe
1980	Unicorn-37185.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1732	2560	WerFault.exe	79

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6549.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31550.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2960	a45a86ce7cbdd63eafa7be610cebef40N.exe
2272	Unicorn-27512.exe
2116	Unicorn-26609.exe
2780	Unicorn-14911.exe
2836	Unicorn-18571.exe
1824	Unicorn-2042.exe
1688	Unicorn-47714.exe
2748	Unicorn-53281.exe
3052	Unicorn-50340.exe
2552	Unicorn-1694.exe
1064	Unicorn-5031.exe
592	Unicorn-5918.exe
2432	Unicorn-35156.exe
2524	Unicorn-56323.exe
2928	Unicorn-12305.exe
1324	Unicorn-59660.exe
1980	Unicorn-37185.exe
2520	Unicorn-10459.exe
2656	Unicorn-2613.exe
2164	Unicorn-61444.exe
1120	Unicorn-36054.exe
3012	Unicorn-36054.exe
844	Unicorn-62596.exe
3020	Unicorn-32332.exe
1728	Unicorn-7081.exe
1268	Unicorn-52006.exe
776	Unicorn-32140.exe
872	Unicorn-22961.exe
2860	Unicorn-49266.exe
2012	Unicorn-8788.exe
636	Unicorn-32738.exe
2300	Unicorn-23615.exe
1496	Unicorn-10625.exe
2664	Unicorn-20979.exe
1652	Unicorn-26215.exe
904	Unicorn-38275.exe
2364	Unicorn-44258.exe
2708	Unicorn-23091.exe
1708	Unicorn-32144.exe
2732	Unicorn-39162.exe
2768	Unicorn-39235.exe
2596	Unicorn-19177.exe
2692	Unicorn-39043.exe
2700	Unicorn-36857.exe
2936	Unicorn-15498.exe
948	Unicorn-60538.exe
952	Unicorn-30473.exe
1400	Unicorn-65192.exe
944	Unicorn-4891.exe
2396	Unicorn-4891.exe
1680	Unicorn-54839.exe
2560	Unicorn-62623.exe
2916	Unicorn-39270.exe
2900	Unicorn-29586.exe
2624	Unicorn-41247.exe
2948	Unicorn-50776.exe
2120	Unicorn-39563.exe
2996	Unicorn-11736.exe
2060	Unicorn-11736.exe
2392	Unicorn-11736.exe
2132	Unicorn-28627.exe
908	Unicorn-42363.exe
1332	Unicorn-49436.exe
1528	Unicorn-55301.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2272	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	29
PID 2960 wrote to memory of 2272	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	29
PID 2960 wrote to memory of 2272	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	29
PID 2960 wrote to memory of 2272	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	29
PID 2272 wrote to memory of 2116	2272	Unicorn-27512.exe	30
PID 2272 wrote to memory of 2116	2272	Unicorn-27512.exe	30
PID 2272 wrote to memory of 2116	2272	Unicorn-27512.exe	30
PID 2272 wrote to memory of 2116	2272	Unicorn-27512.exe	30
PID 2960 wrote to memory of 2780	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	31
PID 2960 wrote to memory of 2780	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	31
PID 2960 wrote to memory of 2780	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	31
PID 2960 wrote to memory of 2780	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	31
PID 2116 wrote to memory of 2836	2116	Unicorn-26609.exe	32
PID 2116 wrote to memory of 2836	2116	Unicorn-26609.exe	32
PID 2116 wrote to memory of 2836	2116	Unicorn-26609.exe	32
PID 2116 wrote to memory of 2836	2116	Unicorn-26609.exe	32
PID 2780 wrote to memory of 1824	2780	Unicorn-14911.exe	33
PID 2780 wrote to memory of 1824	2780	Unicorn-14911.exe	33
PID 2780 wrote to memory of 1824	2780	Unicorn-14911.exe	33
PID 2780 wrote to memory of 1824	2780	Unicorn-14911.exe	33
PID 2272 wrote to memory of 1688	2272	Unicorn-27512.exe	34
PID 2272 wrote to memory of 1688	2272	Unicorn-27512.exe	34
PID 2272 wrote to memory of 1688	2272	Unicorn-27512.exe	34
PID 2272 wrote to memory of 1688	2272	Unicorn-27512.exe	34
PID 2960 wrote to memory of 2748	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	35
PID 2960 wrote to memory of 2748	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	35
PID 2960 wrote to memory of 2748	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	35
PID 2960 wrote to memory of 2748	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	35
PID 2836 wrote to memory of 3052	2836	Unicorn-18571.exe	36
PID 2836 wrote to memory of 3052	2836	Unicorn-18571.exe	36
PID 2836 wrote to memory of 3052	2836	Unicorn-18571.exe	36
PID 2836 wrote to memory of 3052	2836	Unicorn-18571.exe	36
PID 2116 wrote to memory of 2552	2116	Unicorn-26609.exe	37
PID 2116 wrote to memory of 2552	2116	Unicorn-26609.exe	37
PID 2116 wrote to memory of 2552	2116	Unicorn-26609.exe	37
PID 2116 wrote to memory of 2552	2116	Unicorn-26609.exe	37
PID 1824 wrote to memory of 1064	1824	Unicorn-2042.exe	38
PID 1824 wrote to memory of 1064	1824	Unicorn-2042.exe	38
PID 1824 wrote to memory of 1064	1824	Unicorn-2042.exe	38
PID 1824 wrote to memory of 1064	1824	Unicorn-2042.exe	38
PID 2780 wrote to memory of 2524	2780	Unicorn-14911.exe	39
PID 2780 wrote to memory of 2524	2780	Unicorn-14911.exe	39
PID 2780 wrote to memory of 2524	2780	Unicorn-14911.exe	39
PID 2780 wrote to memory of 2524	2780	Unicorn-14911.exe	39
PID 2748 wrote to memory of 2432	2748	Unicorn-53281.exe	40
PID 2748 wrote to memory of 2432	2748	Unicorn-53281.exe	40
PID 2748 wrote to memory of 2432	2748	Unicorn-53281.exe	40
PID 2748 wrote to memory of 2432	2748	Unicorn-53281.exe	40
PID 1688 wrote to memory of 1324	1688	Unicorn-47714.exe	41
PID 1688 wrote to memory of 1324	1688	Unicorn-47714.exe	41
PID 1688 wrote to memory of 1324	1688	Unicorn-47714.exe	41
PID 1688 wrote to memory of 1324	1688	Unicorn-47714.exe	41
PID 2272 wrote to memory of 2928	2272	Unicorn-27512.exe	43
PID 2272 wrote to memory of 2928	2272	Unicorn-27512.exe	43
PID 2272 wrote to memory of 2928	2272	Unicorn-27512.exe	43
PID 2272 wrote to memory of 2928	2272	Unicorn-27512.exe	43
PID 2960 wrote to memory of 592	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	42
PID 2960 wrote to memory of 592	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	42
PID 2960 wrote to memory of 592	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	42
PID 2960 wrote to memory of 592	2960	a45a86ce7cbdd63eafa7be610cebef40N.exe	42
PID 3052 wrote to memory of 1980	3052	Unicorn-50340.exe	44
PID 3052 wrote to memory of 1980	3052	Unicorn-50340.exe	44
PID 3052 wrote to memory of 1980	3052	Unicorn-50340.exe	44
PID 3052 wrote to memory of 1980	3052	Unicorn-50340.exe	44

C:\Users\Admin\AppData\Local\Temp\a45a86ce7cbdd63eafa7be610cebef40N.exe
"C:\Users\Admin\AppData\Local\Temp\a45a86ce7cbdd63eafa7be610cebef40N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26609.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37185.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48529.exe
        8⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45919.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50381.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55171.exe
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        7⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
        7⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19773.exe
        6⤵
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12849.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
        6⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
        7⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        6⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        6⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37378.exe
        6⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        6⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59505.exe
        7⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54141.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        7⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44627.exe
        6⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        7⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
        6⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        5⤵
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48887.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-730.exe
        5⤵
        
        PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2613.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        8⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38080.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        7⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
        7⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
        7⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44258.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57660.exe
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
        7⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37942.exe
        6⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31693.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
        6⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-850.exe
        5⤵
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6549.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
        5⤵
        
        PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
        6⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe
        6⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38080.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        6⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
        5⤵
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        6⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
        6⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
        6⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe
        5⤵
        
        PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-850.exe
        5⤵
        
        PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11192.exe
        5⤵
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39162.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2902.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        6⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        6⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        5⤵
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3972.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10530.exe
        5⤵
        
        PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39563.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
        5⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35876.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        5⤵
        
        PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19929.exe
      4⤵
      PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
      4⤵
      PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28233.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
        6⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
        6⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62623.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        6⤵
        Program crash
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
        5⤵
        
        PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33992.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        5⤵
        
        PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8788.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        5⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34984.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36847.exe
        5⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31693.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54287.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
        5⤵
        
        PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38080.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10995.exe
        5⤵
        
        PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
      4⤵
      PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-850.exe
      4⤵
      PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6549.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
      4⤵
      PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
      4⤵
      PID:4276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12305.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65192.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47230.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35731.exe
        6⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        5⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        5⤵
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31993.exe
        5⤵
        
        PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        5⤵
        
        PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
      4⤵
      PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
      4⤵
      PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe
      4⤵
      PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
      4⤵
      PID:4888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        5⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4751.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
      4⤵
      PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
      4⤵
      PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
      4⤵
      PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
      4⤵
      PID:4588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60538.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6093.exe
      4⤵
      PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
      4⤵
      PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
      4⤵
      PID:4936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57096.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
    3⤵
    PID:2792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
    3⤵
    PID:3332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21819.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26393.exe
    3⤵
    PID:4164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5031.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2701.exe
        7⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        6⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        6⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4881.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
        6⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
        6⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60535.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9541.exe
        6⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
        6⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
        5⤵
        
        PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        5⤵
        
        PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50776.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        6⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
        6⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        5⤵
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        5⤵
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51132.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
        5⤵
        
        PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        5⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
      4⤵
      PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32698.exe
      4⤵
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57621.exe
      4⤵
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
      4⤵
      PID:4640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56323.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39043.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        6⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46312.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
        7⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        7⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        6⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
        5⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
        5⤵
        
        PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13661.exe
        5⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        5⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35902.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31993.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
      4⤵
      PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
      4⤵
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
      4⤵
      PID:4868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        5⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        5⤵
        
        PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
      4⤵
      PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3972.exe
      4⤵
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
      4⤵
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29056.exe
      4⤵
      PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34881.exe
    3⤵
    PID:1292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
    3⤵
    PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe
    3⤵
    PID:3416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
    3⤵
    PID:432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
    3⤵
    PID:4292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26297.exe
        7⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60909.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17676.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
        5⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        5⤵
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
        5⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31993.exe
        5⤵
        
        PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
        5⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12162.exe
        6⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39706.exe
        6⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
        6⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21082.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38080.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4351.exe
        5⤵
        
        PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe
      4⤵
      Executes dropped EXE
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54347.exe
        5⤵
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        5⤵
        
        PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
      4⤵
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
      4⤵
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
      4⤵
      PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
      4⤵
      PID:4364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        5⤵
        
        PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe
      4⤵
      PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
      4⤵
      PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
      4⤵
      PID:4500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
      4⤵
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
      4⤵
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10048.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
      4⤵
      PID:5088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
    3⤵
    PID:960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-850.exe
    3⤵
    PID:2292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40553.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
    3⤵
    PID:4916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32738.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        5⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        5⤵
        
        PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
      4⤵
      PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
      4⤵
      PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22747.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14754.exe
      4⤵
      PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58362.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
    3⤵
    PID:3372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
    3⤵
    PID:3852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
    3⤵
    PID:4448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23615.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23615.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
      4⤵
      PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
      4⤵
      PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
      4⤵
      PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
      4⤵
      PID:4712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
    3⤵
    PID:2408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
    3⤵
    PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
    3⤵
    PID:3716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
    3⤵
    PID:4652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39654.exe
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21060.exe
      4⤵
      PID:4748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
    3⤵
    PID:3460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
    3⤵
    PID:3104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
    3⤵
    PID:4340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
  2⤵
  PID:2796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51831.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51831.exe
  2⤵
  PID:2616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8944.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8944.exe
  2⤵
  PID:3500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
  2⤵
  PID:4484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe

Filesize
468KB

MD5
ad36e5aed25e96929452a3e73648b16b

SHA1
b46862d1539b2d931858a22041c0a5151f812e16

SHA256
9918adcd043ef85134d54018be88076600cc6e36fdad11cdde9affc8c2b8f452

SHA512
54210f81e9b230bcf8324039660a8e8d7bc5af451e68e664bb26c6506fc9e0ef304ccfdd42cbfb8d47585019da380ed074d432c9b04f5b05d92b5076f158a61a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12305.exe

Filesize
468KB

MD5
2b3d59ee6de72b68d7a5f40d3f6e98be

SHA1
4d77cdfff31b5bd893fb4db8a3aa253ead4ac902

SHA256
d2cdbd67e5385786cb9904e7816b6c0ec3cc9605f4403bfdf347640a56ca9446

SHA512
a6af45e4c409ac5723a3d53d84ca19552300f1ff6aecca9b8c050b27c1220f7d9426f2ce33efbdb2f0a7e899929ad1fa9e906b53dba377b6903ef8d8bda00a11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe

Filesize
468KB

MD5
8d910bceb9c2f91a5ab22a29a70e3551

SHA1
a568ab36d492bf6c896cfc5b86ad222d9f3459ec

SHA256
2beabf944864d7c9e9c499f89ef550b118b28640c94f3fed669cd1e0a3584c3e

SHA512
e99df4fb0685d71bd11a42c69d76d9c66ee60c13e4c225f9010bdee66156b106ba7ec75bbbcb867cbf8073c59ab5f48bb2fbad06b8b4102948f0ff97df150226

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe

Filesize
468KB

MD5
eb4a8ebdfc09cd54aac19a67b7586e20

SHA1
dcf7a74e19f07ec4c60ea3be1cb621a0f1220616

SHA256
e84557a8e9c4bcb8536086aea5a4282a03e0d78f45a4141ce5c10da905ed615d

SHA512
5b18ae6dca34a22c1b0e6d95210b7a768dee52ea852760a83d882540fd2dda626f7064742a1ad441d32457fdb16500fcec5672e9fb04facc3acca03408032fa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe

Filesize
468KB

MD5
c02c07a8c4a25ec727471d06df8a627e

SHA1
11649d566d13d3e0f14e10b3eea4bb5fb0c43763

SHA256
6068e6192a3cb478cc6fa92bade4f84c9f2235870f6b1052c236a3601fc49d3a

SHA512
24a03d90a5392e0b597466ae3f5086d8375de8d49b378fd78bae106be1400e709ba8a2b581b72f06b2430df1f72ddba90274d7e5e7901da7be39f927dde716d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2613.exe

Filesize
468KB

MD5
1870dcce338749996a321b4df9c3290e

SHA1
5086ba7c4793623f6582ff304c11fa585d1f6883

SHA256
15fb68aa8e0da6e68bf391423b097771ddef5b6045ac19a023b82ee70a5ee943

SHA512
abf8c6bee46728465ecf2fec4bbb47930f176ed1544d9c565514064668321b1554d3e7785d435d209ceb27130f77ae60aa4cb42f07889493c92dc7e9191fecd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe

Filesize
468KB

MD5
8d2e1629681feeb2840645108b908296

SHA1
75b73486ae092e4b183e8159fffdd7f082e26dbe

SHA256
b40e28726373c70437b188599b84882d23a27a42aac735c45e53b2eb3c5c3e02

SHA512
8514c7b77edcb9a32d486dbecb81060ec569ed9e7b74956d831c4df1b01b8a10a6f636d922837b6e3a478b85f24830c7997f49bf25c8521fd02b5a9d0b944654

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4751.exe

Filesize
468KB

MD5
423015ae65be2fc0187c3128049db89e

SHA1
43b645badf2f6f39104adbb101495090dcf23df2

SHA256
bd359024171069463ff1dede47e25de04603854d7702a41f7bf15e4b0d06d154

SHA512
6871a55a1a5b5fa1f91d762d55f61416378aeb430809408a0bc14d3c2a3c1b8dcda93c85d0ea83349387a76f17cd31f94d80fb6027a51c9778af50fdf99228b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe

Filesize
468KB

MD5
c19db711b81078ec9375b6ee2b1d816f

SHA1
ceb6771533d0bea51d9a8168df36d810d80c3173

SHA256
1e88c5dd4b2d4cfb5eb806a2cd24d9ef902f0877f12a4cd600b6d00f6fe893b1

SHA512
f3e3e41b11eba17a26b3d5320e3dfac2f215ca03e32dc28321fb273b361c768dfc2165501a7ce26b959fc6953d4f1fbe5f9786fc7e41a027a2dce9c5b07c8485

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5031.exe

Filesize
468KB

MD5
d818363e7a99072ff86db97de5f29ba8

SHA1
9d24a01984fd7aa43ea5cbbadebc98f68bd52309

SHA256
4f8e1f031eaacebe1854dc5e43aae877a19e65e6018e22d72902ee56fc58afe0

SHA512
3d7c0dda3018a026b11410ab34ebc50f36c31fcc6cf748c58b9d0dd3721db33bade58436c4794877dd4f5959f97cb975e2d05f1353a12ec9743e41ea7c07b7f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe

Filesize
468KB

MD5
cf99501f9b902ba212479dfd4ac73b77

SHA1
4d0f08bfb925ed7ef58c1e1f4723f75c566ceef4

SHA256
384e2052e356b3e5b237726f2db49c3847f625666c9b8514c034dfa7e0b7e036

SHA512
f9a63e2aac79aa9bf5a8addd51f669a1346a27a2c7e6edf8e544f275e2c9c8f3dba6af12cad8684c2ba0ca85b829a1030728a7080fcbec0b4a2ce3e36be5e19d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56323.exe

Filesize
468KB

MD5
5171603736a7b96600dd854c8b57a793

SHA1
e938be592fc12255e392f5b2a2b68e2fdafa96a2

SHA256
3e5ea21b36d2c8891eadad9c86226cb5284a6efa65670ce482e64f1b9bacdab3

SHA512
0ff39499268c2f138a4008450c9d74b6b370463c4ea477f7da729e300e9bc274bfa34dbf213476a9bb31cf19e21bcc8615e849ca935158608d7a9ec255bfefba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe

Filesize
468KB

MD5
bb3256ddcdaeeabac35b91079a269c54

SHA1
7e5a4574cf48d3e4817a688f076abacd93a4e149

SHA256
b7b0c7a368bde6724f1da7dfa1e78c32afe53f09864d50934bbd7886e79d2f30

SHA512
1463f1c7871101ece04277115f38b7a6d97767be8e597565e3bf76b0dfade3937be080283f6721e3e1d3dfef6282ab079fca01cec419a35da9f3c29283897149

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe

Filesize
468KB

MD5
966863278057d09222fc45e2366bf408

SHA1
4292c94011a56789f0495297df36db6a4ccc354e

SHA256
98d6ae0f4d6b70e487f300ccba01769f7d7885c5fb87f167d69014471681eff3

SHA512
f1089c5a68ecca160ce8e340cb96567a6fa5467d30e3bc2c1b776f47609ccf3d40bb293992feaa6876a2206930835799e2881ea1dc43e3aedbb269bb1481f31e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe

Filesize
468KB

MD5
a5c72d2734c14063090c5e77fa1e27b4

SHA1
4ff78067ff3a1fe97f75c4c49880fff55b6de139

SHA256
da00a3751f83973260d123fdcea08399f6a3a168afe7ec1cfc5601524279267e

SHA512
61e8c28f3dbd40487b5fc467ec7112876dc304de21ca51f883af51409eb810a343e7465a01c14edd4bbcb1bec0f13d572bf2d290054bfe59851f43f8cc9f28df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26609.exe

Filesize
468KB

MD5
e844af6ba40ed450f03b65775751602b

SHA1
3d5b8f698254c5b153ba471c0e0c5a5e11dbfa0e

SHA256
864a8f36539e26d56a37180588a0e89b74af487609fc4308f7b95ea7d0392024

SHA512
f30bde58a910f5ef103e049a2ce8f1d4a255c9831a34d28edc603a95021ed5f2a8b0ccf4218de36558d08c9130c6bfe787d897d5b2848d79903f15cda51790e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe

Filesize
468KB

MD5
a8f65341e3b4d5e20a77e17a023308f7

SHA1
22f08deb05f7fbdc163c6a7252ab15d27bf6f08f

SHA256
e8e17cbd1efebc8b6fa6847f4c70838020b853924a13bf3e18575e58f84de4b9

SHA512
2271add5139b6b5550c9bf3d2e2fdcdaaf35e92b89277e6fadb56a521cbb90d11c3cc221d64b48e7a667388b9aba5ed5f1a6d1746605a0215a3574d6dd011ed0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37185.exe

Filesize
468KB

MD5
41c86a1e542aa9f5cbc0c60c175c969d

SHA1
8e1e47ee48bb999b951fb273332b3f502e62769a

SHA256
368d351f23635373a7611c08118a3bb85db3620d4124801487593c622fa6f5d2

SHA512
beb16417f8c3bd3b6703e518a23008d95c32056b353769c77b295ce0f0cbdcf30449494ee44f138573975a51c3ef11f58c7a197b9467a87486c98e7d256b4fea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe

Filesize
468KB

MD5
5296114aded98eaab7b4100ef2950275

SHA1
d23d99fb340e6b5fccc5e27f73d146b858331cc7

SHA256
7b351596d022c7b3a0bdb46ec889c4476307ad677e25ccb0d963904a5f26358d

SHA512
fb94fa65a0f9b72e39b53e48e23f71b39be14e7075d0d9a46482c1e447d15f3349ef1451c4d765d2fdc2eb4d40165bcf3e70905ecc4295bc40be46c562a41a28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe

Filesize
468KB

MD5
9ddc5639366c0811b6fe6f136874ab48

SHA1
b47c2b9eeeb504addad9b2f8d4e6f99e6ff28005

SHA256
3de925af87c4fa84f882ec836b91e09ed29ca792734ab0b48639f5691a48aad0

SHA512
26ab50ceac3f1ba1624eaf75a9861779fb6391bac235da0d2bd1267fde3e0ed88e2c2627cef534040a617d5bd9c30a8c6548a1e06fbc320ea7686e189c997de5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe

Filesize
468KB

MD5
381c28b46f8ea5bf751d88ddd38e8655

SHA1
150da445f763cb6c539258a6c8c147564de78cc8

SHA256
9147db102e736cd243b9f3cd221c8013ac4938164943d8825585a4b293fc07b6

SHA512
ee5e6c58f55fc95cb64e6d10466ff240bd3fbc2c68d43c1bcadc9c6f3abf2c721f9d48da5a42ef577a2c581dad3d3229ec331bf7361beb32475ddd64ffe1ddc3

Download Submit