fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4

Analysis

max time kernel
120s
max time network
20s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe
Size

468KB
MD5

8aec08493c042408f3e217e2d81c7ec0
SHA1

0bb2f1555ec08074f2e72bb2f48f2bf5bacf094f
SHA256

fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4
SHA512

aef2de9b2869c20836122f427cdc12f279b7248c3417bf9c3e24909a69e54545f890592c3d8d0e1759125a6ac51f7bd126124633a1a3aebc4b87d926b10c8ff5
SSDEEP

3072:1buEogIuIw5UtbYJHzcjFf8/EoOCPlpC6LH0rVPmqaXKTCQzLses:1bFo3gUtOH4jFf8jUUqa6WQzL

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2940	Unicorn-42732.exe
2076	Unicorn-65023.exe
2096	Unicorn-49694.exe
2692	Unicorn-23927.exe
2760	Unicorn-33623.exe
3032	Unicorn-54427.exe
2700	Unicorn-31319.exe
2604	Unicorn-4290.exe
2800	Unicorn-13645.exe
3052	Unicorn-35427.exe
2336	Unicorn-43459.exe
2120	Unicorn-63325.exe
1340	Unicorn-43459.exe
2440	Unicorn-63325.exe
956	Unicorn-63060.exe
2784	Unicorn-7451.exe
2724	Unicorn-40295.exe
964	Unicorn-38064.exe
1820	Unicorn-56045.exe
2984	Unicorn-18966.exe
1548	Unicorn-63248.exe
2036	Unicorn-43382.exe
2144	Unicorn-9946.exe
2332	Unicorn-16077.exe
112	Unicorn-13772.exe
2132	Unicorn-25431.exe
924	Unicorn-32439.exe
2964	Unicorn-17373.exe
1984	Unicorn-28308.exe
1964	Unicorn-54836.exe
2296	Unicorn-48318.exe
776	Unicorn-101.exe
1732	Unicorn-43660.exe
2496	Unicorn-20683.exe
1716	Unicorn-42228.exe
236	Unicorn-59790.exe
3064	Unicorn-47112.exe
2384	Unicorn-47377.exe
2732	Unicorn-41242.exe
1792	Unicorn-28820.exe
2960	Unicorn-16541.exe
2780	Unicorn-15201.exe
2596	Unicorn-49681.exe
2536	Unicorn-4009.exe
2708	Unicorn-2255.exe
2776	Unicorn-2255.exe
3048	Unicorn-4890.exe
2524	Unicorn-56692.exe
1992	Unicorn-24752.exe
2936	Unicorn-26864.exe
836	Unicorn-10505.exe
968	Unicorn-16370.exe
2160	Unicorn-16636.exe
1872	Unicorn-16636.exe
1772	Unicorn-7705.exe
1144	Unicorn-37189.exe
2888	Unicorn-62655.exe
2832	Unicorn-1041.exe
2924	Unicorn-60448.exe
1736	Unicorn-13765.exe
804	Unicorn-3646.exe
1832	Unicorn-47134.exe
1060	Unicorn-58405.exe
1604	Unicorn-53120.exe

Loads dropped DLL 64 IoCs

pid	Process
1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe
1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe
2940	Unicorn-42732.exe
1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe
2940	Unicorn-42732.exe
1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe
2076	Unicorn-65023.exe
1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe
1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe
2076	Unicorn-65023.exe
2096	Unicorn-49694.exe
2096	Unicorn-49694.exe
2940	Unicorn-42732.exe
2940	Unicorn-42732.exe
3032	Unicorn-54427.exe
3032	Unicorn-54427.exe
2940	Unicorn-42732.exe
2700	Unicorn-31319.exe
2940	Unicorn-42732.exe
2700	Unicorn-31319.exe
2096	Unicorn-49694.exe
2692	Unicorn-23927.exe
2096	Unicorn-49694.exe
2692	Unicorn-23927.exe
2076	Unicorn-65023.exe
1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe
2076	Unicorn-65023.exe
2760	Unicorn-33623.exe
2760	Unicorn-33623.exe
1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe
2800	Unicorn-13645.exe
2800	Unicorn-13645.exe
2940	Unicorn-42732.exe
2940	Unicorn-42732.exe
3052	Unicorn-35427.exe
3052	Unicorn-35427.exe
2440	Unicorn-63325.exe
2440	Unicorn-63325.exe
2700	Unicorn-31319.exe
2700	Unicorn-31319.exe
1340	Unicorn-43459.exe
1340	Unicorn-43459.exe
2760	Unicorn-33623.exe
2760	Unicorn-33623.exe
2076	Unicorn-65023.exe
2336	Unicorn-43459.exe
2076	Unicorn-65023.exe
2336	Unicorn-43459.exe
2604	Unicorn-4290.exe
2604	Unicorn-4290.exe
2096	Unicorn-49694.exe
956	Unicorn-63060.exe
2096	Unicorn-49694.exe
956	Unicorn-63060.exe
3032	Unicorn-54427.exe
3032	Unicorn-54427.exe
1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe
1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe
2120	Unicorn-63325.exe
2120	Unicorn-63325.exe
2692	Unicorn-23927.exe
2692	Unicorn-23927.exe
2784	Unicorn-7451.exe
2784	Unicorn-7451.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4216	2304	WerFault.exe	273

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19316.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26384.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe
2940	Unicorn-42732.exe
2076	Unicorn-65023.exe
2096	Unicorn-49694.exe
2760	Unicorn-33623.exe
3032	Unicorn-54427.exe
2700	Unicorn-31319.exe
2692	Unicorn-23927.exe
2800	Unicorn-13645.exe
2604	Unicorn-4290.exe
3052	Unicorn-35427.exe
1340	Unicorn-43459.exe
2336	Unicorn-43459.exe
2440	Unicorn-63325.exe
2120	Unicorn-63325.exe
956	Unicorn-63060.exe
2784	Unicorn-7451.exe
964	Unicorn-38064.exe
2724	Unicorn-40295.exe
1548	Unicorn-63248.exe
1820	Unicorn-56045.exe
2144	Unicorn-9946.exe
2984	Unicorn-18966.exe
2332	Unicorn-16077.exe
2036	Unicorn-43382.exe
112	Unicorn-13772.exe
2132	Unicorn-25431.exe
924	Unicorn-32439.exe
1984	Unicorn-28308.exe
1964	Unicorn-54836.exe
2964	Unicorn-17373.exe
2296	Unicorn-48318.exe
776	Unicorn-101.exe
1732	Unicorn-43660.exe
2496	Unicorn-20683.exe
1716	Unicorn-42228.exe
236	Unicorn-59790.exe
3064	Unicorn-47112.exe
2384	Unicorn-47377.exe
2732	Unicorn-41242.exe
1792	Unicorn-28820.exe
2960	Unicorn-16541.exe
3048	Unicorn-4890.exe
2780	Unicorn-15201.exe
2708	Unicorn-2255.exe
2596	Unicorn-49681.exe
2776	Unicorn-2255.exe
2536	Unicorn-4009.exe
1992	Unicorn-24752.exe
2524	Unicorn-56692.exe
836	Unicorn-10505.exe
968	Unicorn-16370.exe
2936	Unicorn-26864.exe
1872	Unicorn-16636.exe
1144	Unicorn-37189.exe
2160	Unicorn-16636.exe
1772	Unicorn-7705.exe
2888	Unicorn-62655.exe
2832	Unicorn-1041.exe
2924	Unicorn-60448.exe
804	Unicorn-3646.exe
1736	Unicorn-13765.exe
1832	Unicorn-47134.exe
1060	Unicorn-58405.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2940	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	29
PID 1756 wrote to memory of 2940	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	29
PID 1756 wrote to memory of 2940	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	29
PID 1756 wrote to memory of 2940	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	29
PID 2940 wrote to memory of 2096	2940	Unicorn-42732.exe	30
PID 2940 wrote to memory of 2096	2940	Unicorn-42732.exe	30
PID 2940 wrote to memory of 2096	2940	Unicorn-42732.exe	30
PID 2940 wrote to memory of 2096	2940	Unicorn-42732.exe	30
PID 1756 wrote to memory of 2076	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	31
PID 1756 wrote to memory of 2076	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	31
PID 1756 wrote to memory of 2076	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	31
PID 1756 wrote to memory of 2076	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	31
PID 1756 wrote to memory of 2692	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	33
PID 1756 wrote to memory of 2692	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	33
PID 1756 wrote to memory of 2692	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	33
PID 1756 wrote to memory of 2692	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	33
PID 2076 wrote to memory of 2760	2076	Unicorn-65023.exe	32
PID 2076 wrote to memory of 2760	2076	Unicorn-65023.exe	32
PID 2076 wrote to memory of 2760	2076	Unicorn-65023.exe	32
PID 2076 wrote to memory of 2760	2076	Unicorn-65023.exe	32
PID 2096 wrote to memory of 2700	2096	Unicorn-49694.exe	34
PID 2096 wrote to memory of 2700	2096	Unicorn-49694.exe	34
PID 2096 wrote to memory of 2700	2096	Unicorn-49694.exe	34
PID 2096 wrote to memory of 2700	2096	Unicorn-49694.exe	34
PID 2940 wrote to memory of 3032	2940	Unicorn-42732.exe	35
PID 2940 wrote to memory of 3032	2940	Unicorn-42732.exe	35
PID 2940 wrote to memory of 3032	2940	Unicorn-42732.exe	35
PID 2940 wrote to memory of 3032	2940	Unicorn-42732.exe	35
PID 3032 wrote to memory of 2604	3032	Unicorn-54427.exe	36
PID 3032 wrote to memory of 2604	3032	Unicorn-54427.exe	36
PID 3032 wrote to memory of 2604	3032	Unicorn-54427.exe	36
PID 3032 wrote to memory of 2604	3032	Unicorn-54427.exe	36
PID 2940 wrote to memory of 2800	2940	Unicorn-42732.exe	37
PID 2940 wrote to memory of 2800	2940	Unicorn-42732.exe	37
PID 2940 wrote to memory of 2800	2940	Unicorn-42732.exe	37
PID 2940 wrote to memory of 2800	2940	Unicorn-42732.exe	37
PID 2700 wrote to memory of 3052	2700	Unicorn-31319.exe	38
PID 2700 wrote to memory of 3052	2700	Unicorn-31319.exe	38
PID 2700 wrote to memory of 3052	2700	Unicorn-31319.exe	38
PID 2700 wrote to memory of 3052	2700	Unicorn-31319.exe	38
PID 2096 wrote to memory of 2336	2096	Unicorn-49694.exe	39
PID 2096 wrote to memory of 2336	2096	Unicorn-49694.exe	39
PID 2096 wrote to memory of 2336	2096	Unicorn-49694.exe	39
PID 2096 wrote to memory of 2336	2096	Unicorn-49694.exe	39
PID 2692 wrote to memory of 2120	2692	Unicorn-23927.exe	40
PID 2692 wrote to memory of 2120	2692	Unicorn-23927.exe	40
PID 2692 wrote to memory of 2120	2692	Unicorn-23927.exe	40
PID 2692 wrote to memory of 2120	2692	Unicorn-23927.exe	40
PID 2076 wrote to memory of 1340	2076	Unicorn-65023.exe	41
PID 2076 wrote to memory of 1340	2076	Unicorn-65023.exe	41
PID 2076 wrote to memory of 1340	2076	Unicorn-65023.exe	41
PID 2076 wrote to memory of 1340	2076	Unicorn-65023.exe	41
PID 2760 wrote to memory of 2440	2760	Unicorn-33623.exe	43
PID 2760 wrote to memory of 2440	2760	Unicorn-33623.exe	43
PID 2760 wrote to memory of 2440	2760	Unicorn-33623.exe	43
PID 2760 wrote to memory of 2440	2760	Unicorn-33623.exe	43
PID 1756 wrote to memory of 956	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	42
PID 1756 wrote to memory of 956	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	42
PID 1756 wrote to memory of 956	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	42
PID 1756 wrote to memory of 956	1756	fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe	42
PID 2800 wrote to memory of 2784	2800	Unicorn-13645.exe	44
PID 2800 wrote to memory of 2784	2800	Unicorn-13645.exe	44
PID 2800 wrote to memory of 2784	2800	Unicorn-13645.exe	44
PID 2800 wrote to memory of 2784	2800	Unicorn-13645.exe	44

C:\Users\Admin\AppData\Local\Temp\fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe
"C:\Users\Admin\AppData\Local\Temp\fbbfe12a3e93bb3bb673fac2f6b2217c5cedce8d91d4429202ff0edfad98dba4N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31319.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38064.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47134.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
        7⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        7⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        7⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
        7⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        7⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
        6⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        6⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        6⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
        6⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18966.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15449.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
        7⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        6⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        6⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26174.exe
        6⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
        5⤵
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42048.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1207.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
        5⤵
        
        PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15414.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
        7⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        7⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 188
        8⤵
        Program crash
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
        7⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe
        6⤵
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        6⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44301.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        6⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        6⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        6⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        6⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59300.exe
        5⤵
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27193.exe
        5⤵
        
        PID:976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        6⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65212.exe
        5⤵
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        5⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
        5⤵
        
        PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47112.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        5⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        5⤵
        
        PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18231.exe
      4⤵
      PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
      4⤵
      PID:588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
      4⤵
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
        7⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        7⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
        6⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        6⤵
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21496.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        6⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        6⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47260.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        6⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        5⤵
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50634.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        5⤵
        
        PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17373.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53120.exe
        5⤵
        Executes dropped EXE
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        6⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        6⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        5⤵
        
        PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27915.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65518.exe
        5⤵
        
        PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        5⤵
        
        PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
      4⤵
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43525.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19316.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        5⤵
        
        PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55852.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16579.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
      4⤵
      PID:4720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1041.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        7⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46946.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
        6⤵
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        6⤵
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11427.exe
        6⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
        6⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28353.exe
        6⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        5⤵
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe
        5⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43660.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe
        6⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        6⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
        5⤵
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19700.exe
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        5⤵
        
        PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        5⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        5⤵
        
        PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59362.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
      4⤵
      PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
      4⤵
      PID:4704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
        5⤵
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12894.exe
        5⤵
        
        PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
      4⤵
      PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
      4⤵
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11427.exe
      4⤵
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28339.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
      4⤵
      PID:4652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7705.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1970.exe
      4⤵
      PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
      4⤵
      PID:5064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
    3⤵
    PID:108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
    3⤵
    PID:1172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
    3⤵
    PID:3268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12262.exe
    3⤵
    PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
    3⤵
    PID:5028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33623.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63325.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        7⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27662.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3521.exe
        7⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        6⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe
        6⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        6⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        6⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48908.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64189.exe
        6⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28044.exe
        5⤵
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        5⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27765.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        5⤵
        
        PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43382.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38093.exe
        6⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
        6⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
        5⤵
        
        PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe
        5⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        5⤵
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        5⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        5⤵
        
        PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        5⤵
        
        PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        5⤵
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        5⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19700.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        5⤵
        
        PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
      4⤵
      PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
      4⤵
      PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
      4⤵
      PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
      4⤵
      PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
      4⤵
      PID:4712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63248.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4009.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51109.exe
        6⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        6⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        5⤵
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53820.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        5⤵
        
        PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        5⤵
        
        PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        5⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        5⤵
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
      4⤵
      PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
      4⤵
      PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
      4⤵
      PID:4708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53554.exe
        5⤵
        
        PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1365.exe
      4⤵
      PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
      4⤵
      PID:800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
      4⤵
      PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
      4⤵
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
      4⤵
      PID:4592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
      4⤵
      PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
      4⤵
      PID:4656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
    3⤵
    PID:2348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
    3⤵
    PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
    3⤵
    PID:3544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12262.exe
    3⤵
    PID:3456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
    3⤵
    PID:5084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63325.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        6⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
        5⤵
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        5⤵
        
        PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11427.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        5⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        5⤵
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
        5⤵
        
        PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
      4⤵
      PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe
      4⤵
      PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
      4⤵
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45257.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48318.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        5⤵
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29184.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        5⤵
        
        PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
      4⤵
      PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
      4⤵
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
      4⤵
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10505.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3698.exe
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35210.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
      4⤵
      PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36151.exe
      4⤵
      PID:4760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
    3⤵
    PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
    3⤵
    PID:3276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26915.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31393.exe
    3⤵
    PID:4936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32439.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
      4⤵
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        5⤵
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11388.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        5⤵
        
        PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
      4⤵
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe
      4⤵
      PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
      4⤵
      PID:5024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
    3⤵
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28450.exe
      4⤵
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57814.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
      4⤵
      PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
      4⤵
      PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25245.exe
    3⤵
    PID:3460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20885.exe
      4⤵
      PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49722.exe
      4⤵
      PID:4200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65212.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
    3⤵
    PID:3900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
    3⤵
    PID:3876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
    3⤵
    PID:4628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37189.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37189.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
  2⤵
  PID:2616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
  2⤵
  PID:3580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
  2⤵
  PID:3340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
  2⤵
  PID:4184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe

Filesize
468KB

MD5
d8680859aafc78d494b29162ad01e853

SHA1
3372d8b03475a712606af9e0844c4a401610764d

SHA256
afe0cd631fd7469c659cceb536e0296143ec7ed1ec32eeaeeeeba9f7f4a6fdf5

SHA512
3b43fda0c5129c65062f64bcaa79a71695a308911b14583515176b4278fe87262fe87815b93abd6ac8130899b39ea26a066e7b8a6327a2c4692987ae8c28627a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe

Filesize
468KB

MD5
a4deb39def7158a6baa538a81fda10cc

SHA1
0addfb3cadb7286116324c878d84dcc522d82aec

SHA256
fa93d8dea91f9b93dd104befb52feba013120f9a19c446dde678164b2c4c3c6f

SHA512
a2b9c6978e8610c679ddcd81a62720ede78b307a58effd4a0a47023856aa8619b8dc25504843876332fae273df540175d2ca8e7c3ffafd9c3b32eb1c1703917f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe

Filesize
468KB

MD5
698ed6972b2ed4cd000786a13147f241

SHA1
479ee07d11b23d5de7d7efbaf4842a5e00b0225a

SHA256
28f2ded0945b763a9172a45b6d400e4bb5eb361f1a41457db9ef8f4fafe6e39e

SHA512
c19cf839ab7a30a3f52074fc198c0107adb64055d2d1749dad7456781c26dc979809f27e4c029ce795d986c8049dea85760c4ea5e360e041bef6e2a36ddd941a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe

Filesize
468KB

MD5
6a950846ec961776cf1e8d22d5a503e9

SHA1
aab96432a88b779200582af02797d4b6eb7e6f5b

SHA256
b3a98a60ea62e4d747caaf678cfcebbe5226b141b993bad1f1cc8adea0bfd0ab

SHA512
a24ad3d582fe6090c50274533414006a738e67c542bd45febf4e5058ab25457008cb089892cc41cd686015b3a47faedcf0f4beeba4a38a1c53afd090c6f56b89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe

Filesize
468KB

MD5
0ad4fa00a3b6262899f1bd843ce19f44

SHA1
9f9d1d8b5789a2e2128927731407812a76317c51

SHA256
395df2f0347bf7ff235d2510678e8b55aa821752df94f513deca6f5c6dedee31

SHA512
339cbc1974d1de1a5c654f182c7240c9f49aecdf65bfd5752385e1b6a3bb4f25c024785f9e14cc4982fe1c18b2cdc81d65f359b8a98247abc3586a63d7e7716f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31319.exe

Filesize
468KB

MD5
2ffdfdea2bc9955c909f65ca1c61e67d

SHA1
487a047763274ca28c252f3c602512a3500c7435

SHA256
f69d57094eccf997269f461122137d06cd41efd46c83e1e07d7f0b84ad53e505

SHA512
dba4399d7ccceab511ccc95601eba6a1af744c6dee6a63879aa0fb29c9369914556e0a03baeeebd8494800d1d86b796161134fa311b4f65422a310960d9907ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33623.exe

Filesize
468KB

MD5
b0943fd2d6e4d2622f70a6c7b758f36a

SHA1
b8f432be7b00ffdb99a543d6e183d0697ceb6a80

SHA256
f775bdc05de16ba2ac7cde9821a21f92b1d81f3a32041c1ad9c9097ac52ea45f

SHA512
dc033d99ecc42faa527681e889353ba7f60d9617a74823d7c1f7f21688ca8635062e1c581ae990ce4118c5b4de67217049ab7afb80083fb85b6954639b239b3d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe

Filesize
468KB

MD5
7f96d75591d70dff53a6d914c959aa6f

SHA1
9b6567d3700f09286d92d3c981b356d4bdfe8108

SHA256
4563818e30f6bbadeb6f1ce96d010cdc094deb4c3e5b092fc1cbbb03c30126cc

SHA512
8c269d8e22cc6bf8aecb2e118b6ebbf925d0e7df706af395d68acb1d1ec9ff9feb8fd2e14297272d025dd74ad2e6b404610708751b12e6e8f441b036cd948aaa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38064.exe

Filesize
468KB

MD5
f343c0d0583f9ae2d4d8c89b0a1f4113

SHA1
8090eb6cd7a41574356a74dfe3f92a154e4644df

SHA256
16b28d4448a9a1abd4a0e224827d7c8ce987331743ad9d57bf76e47720a07354

SHA512
5f5588fefd0cdd882f6ef349acb3473f640361db04b40887a3cbd270b6128d65d15d571cc0b5f7f158e8c85efc7f33405a1621bc327a7212bc7761829e0069ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe

Filesize
468KB

MD5
6c2d1e5757c6c40c1acd63827b15715d

SHA1
5adfbde87e0b67865de11b0bb69125c3d543241b

SHA256
b3a81374a5619f5520056ce6b71b0fdfab037daa8fbe6d7a23b6c2e805a7af15

SHA512
bf15874b02ce95d8af8158ed293acde3c758412e609aba47743a680f78216bae1fda154c87e838029905822c98c7fbee7475621af519245bb3a513633b3988fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe

Filesize
468KB

MD5
add49ea48cfcaa5cc7d819c5c2ab11de

SHA1
f85dbe149b9a704eb4303e69c5b9a74eca29d27a

SHA256
87fd4f94ffe1f74790b49d68b46dc50840581cfea7e460347d45c0eeb33f5087

SHA512
0207171c27bbea9b9a0c8e7d01f3b4978e776ed9761164f5a2f32af9ad857be773afade8d13ddce0ce4322106347c63c89d3f39d523545c1c7177e7bf3ccfcd3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe

Filesize
468KB

MD5
2425b7d6469e230a4b6642bd29ea09d4

SHA1
dcb66ebed79272a591ecdab43c59355c9e293921

SHA256
b73d94801f7df6cd4e87ce38e68ae3b69baf9c1bf226ad39bb9baab33186aa8d

SHA512
df528b1f49417a578bb9ce75e487f1c76ba4162e48ee08080dfa3e2cca62f5ac00117bb85c1b06c2662bd32594c24f185c473af51219e6ca4c5d09d185e18fac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe

Filesize
468KB

MD5
a0036d648cbd3041a1870ca71fd0bca6

SHA1
6099995e2230228d11ba7b7bb0930b3ddc7ce394

SHA256
7b9a84c8f1140d2f8a358ead8750c8726eb5d193dc14bc424e9d0f33e6cfffb7

SHA512
6c6cc84590ca7be670733a98d6868a5c35312a841f894c9d0d0d991b989214d9e1b7bb52b14265f630f8ea24425c2ce6dd7bae7b8b83e765ed70beb81268f4dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe

Filesize
468KB

MD5
9ff1bb6e786846652d9346f03d7eeb3f

SHA1
74179cca6fb56f10bfbf646f4a48ff2224771deb

SHA256
a41df57097d4bc16d9adcd75e2adb4edb1a18e86607b3d780000fceda48e7771

SHA512
882e78e6e0a80313f7caa8597e7d82f3509885794a528e1619aa48d80c4fca699a195796c1e225e6f8409163160a7383cfaad21f04078b78b6704930c95a9fb4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe

Filesize
468KB

MD5
53cc38b490b2ddfb438144d97a924391

SHA1
8379f1e0ceb127c68f233aff204bd35686401773

SHA256
6a2489ac66f85579236b5b7dd033884df18507ee7f7e5a272528afced5c2f096

SHA512
42354008156a802877273b06c3b14c9d31f204fbe882451887732e37d4e0a8fc406822ba264b9dac20421aeb28606f26a2dd9ad1b8d0fa45f5427848ad614925

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63325.exe

Filesize
468KB

MD5
64acbcdc7f4d83cf1800ccb22431b32f

SHA1
fce1cbad4f4ce7511f1347999b730f6c9d636e84

SHA256
d5cc1f606cb5b852cda3e11bf7e3f0f299cf8cb30bef1156292027f07915d8d9

SHA512
ffc8b1bd0726b71d3720b4a77f8d702ace2c90a917c5595a5249586ecd6cd86729cd59092595f0e995ce989173a26cb465b65c3cf7aacfa6d65b8bb96d46a2f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe

Filesize
468KB

MD5
0612146f8e7413cfb667c2d4ce067b45

SHA1
24f225c711bfcca0190169b021c66e53c34f8767

SHA256
090b04518efbbae7d879d7ac0687aab2cc9d57d89b0120e6efb8fca08707b513

SHA512
c438773ec20298938d6494959470a8b31d9cc6cdc0c18c75806994eee03521532dbdd5ded5747b1e5a9f416184423399ff4cbff0b03d8b02bec456f1097fb1ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe

Filesize
468KB

MD5
7d1827819afa6344791cfdc20163fd9a

SHA1
448f5a158a87225936a0782b158cf7794047a2af

SHA256
938827fe20b4e3dee913331401bdf5444817c0f3910d7eb50b93883fea2c434c

SHA512
50527ded26d396de03a12a09eec044552c6269218e0d397c2018a66b8e8289f54af01f16bd8641be5c3e311b275c9d9a02cb49946d9a8a155d7c8f41d5270f4c

Download Submit