ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe
Size

468KB
MD5

af387348f1f45e608c7b616a56ea3480
SHA1

37322c0f86ae6b165725294b7316062639c82799
SHA256

ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0
SHA512

738b23c39e319a93d3a2078707bed30060075df5712e32b83a915c422f580f929f31f37dd7175d47695c2e31d7500c3f977080f4c0920fdbbfd12249fc3f7493
SSDEEP

3072:XueKogeqIU5etbYWPzBjMfD/ECLHsIp9QmHeQVY5znqLvPFu+glC:XuropcetlP1jMfm0kbzns3Fu+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2040	Unicorn-23964.exe
2776	Unicorn-21909.exe
2780	Unicorn-10211.exe
2688	Unicorn-11685.exe
2740	Unicorn-7501.exe
2592	Unicorn-47051.exe
2576	Unicorn-36190.exe
2960	Unicorn-51239.exe
392	Unicorn-37403.exe
2808	Unicorn-3984.exe
1288	Unicorn-49656.exe
1056	Unicorn-3984.exe
2828	Unicorn-57745.exe
2948	Unicorn-63875.exe
2932	Unicorn-63610.exe
468	Unicorn-46133.exe
564	Unicorn-15961.exe
2356	Unicorn-59345.exe
2260	Unicorn-11768.exe
1612	Unicorn-10144.exe
896	Unicorn-13159.exe
1972	Unicorn-47705.exe
2236	Unicorn-32188.exe
1648	Unicorn-45832.exe
3020	Unicorn-45832.exe
1520	Unicorn-36901.exe
1556	Unicorn-64206.exe
2016	Unicorn-4799.exe
2056	Unicorn-23828.exe
3048	Unicorn-21904.exe
1548	Unicorn-32109.exe
2076	Unicorn-65266.exe
848	Unicorn-16066.exe
1516	Unicorn-40662.exe
1592	Unicorn-51431.exe
2068	Unicorn-18396.exe
2884	Unicorn-30547.exe
2676	Unicorn-37254.exe
1940	Unicorn-41892.exe
2352	Unicorn-8208.exe
3056	Unicorn-32978.exe
2652	Unicorn-32978.exe
2188	Unicorn-39100.exe
1944	Unicorn-25364.exe
2120	Unicorn-22371.exe
884	Unicorn-30539.exe
2512	Unicorn-22925.exe
2556	Unicorn-60808.exe
1136	Unicorn-26263.exe
2944	Unicorn-13910.exe
3060	Unicorn-32293.exe
2148	Unicorn-37699.exe
2248	Unicorn-53481.exe
360	Unicorn-58120.exe
2880	Unicorn-43075.exe
2364	Unicorn-49205.exe
2368	Unicorn-30731.exe
1384	Unicorn-12811.exe
1792	Unicorn-12811.exe
908	Unicorn-23139.exe
808	Unicorn-19055.exe
2480	Unicorn-61271.exe
1108	Unicorn-13387.exe
2156	Unicorn-13387.exe

Loads dropped DLL 64 IoCs

pid	Process
2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe
2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe
2040	Unicorn-23964.exe
2040	Unicorn-23964.exe
2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe
2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe
2776	Unicorn-21909.exe
2776	Unicorn-21909.exe
2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe
2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe
2780	Unicorn-10211.exe
2040	Unicorn-23964.exe
2040	Unicorn-23964.exe
2780	Unicorn-10211.exe
2688	Unicorn-11685.exe
2688	Unicorn-11685.exe
2776	Unicorn-21909.exe
2776	Unicorn-21909.exe
2780	Unicorn-10211.exe
2780	Unicorn-10211.exe
2592	Unicorn-47051.exe
2576	Unicorn-36190.exe
2592	Unicorn-47051.exe
2576	Unicorn-36190.exe
2040	Unicorn-23964.exe
2040	Unicorn-23964.exe
2740	Unicorn-7501.exe
2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe
2740	Unicorn-7501.exe
2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe
2960	Unicorn-51239.exe
2960	Unicorn-51239.exe
2688	Unicorn-11685.exe
2688	Unicorn-11685.exe
2948	Unicorn-63875.exe
2948	Unicorn-63875.exe
2740	Unicorn-7501.exe
2740	Unicorn-7501.exe
2828	Unicorn-57745.exe
2828	Unicorn-57745.exe
2040	Unicorn-23964.exe
1056	Unicorn-3984.exe
2040	Unicorn-23964.exe
1056	Unicorn-3984.exe
2576	Unicorn-36190.exe
2576	Unicorn-36190.exe
1288	Unicorn-49656.exe
2932	Unicorn-63610.exe
1288	Unicorn-49656.exe
2932	Unicorn-63610.exe
2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe
2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe
2780	Unicorn-10211.exe
2808	Unicorn-3984.exe
2780	Unicorn-10211.exe
2808	Unicorn-3984.exe
2592	Unicorn-47051.exe
2592	Unicorn-47051.exe
392	Unicorn-37403.exe
392	Unicorn-37403.exe
2776	Unicorn-21909.exe
2776	Unicorn-21909.exe
564	Unicorn-15961.exe
564	Unicorn-15961.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2584	2312	WerFault.exe	157

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38645.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe
2040	Unicorn-23964.exe
2776	Unicorn-21909.exe
2780	Unicorn-10211.exe
2688	Unicorn-11685.exe
2592	Unicorn-47051.exe
2740	Unicorn-7501.exe
2576	Unicorn-36190.exe
2960	Unicorn-51239.exe
392	Unicorn-37403.exe
2948	Unicorn-63875.exe
1288	Unicorn-49656.exe
2828	Unicorn-57745.exe
2932	Unicorn-63610.exe
1056	Unicorn-3984.exe
2808	Unicorn-3984.exe
468	Unicorn-46133.exe
564	Unicorn-15961.exe
2356	Unicorn-59345.exe
2260	Unicorn-11768.exe
1612	Unicorn-10144.exe
1520	Unicorn-36901.exe
2016	Unicorn-4799.exe
1972	Unicorn-47705.exe
896	Unicorn-13159.exe
2236	Unicorn-32188.exe
3020	Unicorn-45832.exe
1556	Unicorn-64206.exe
1648	Unicorn-45832.exe
2056	Unicorn-23828.exe
3048	Unicorn-21904.exe
1548	Unicorn-32109.exe
2076	Unicorn-65266.exe
848	Unicorn-16066.exe
1516	Unicorn-40662.exe
2068	Unicorn-18396.exe
2884	Unicorn-30547.exe
2676	Unicorn-37254.exe
2652	Unicorn-32978.exe
3056	Unicorn-32978.exe
1940	Unicorn-41892.exe
2188	Unicorn-39100.exe
2120	Unicorn-22371.exe
2352	Unicorn-8208.exe
1944	Unicorn-25364.exe
884	Unicorn-30539.exe
2512	Unicorn-22925.exe
2556	Unicorn-60808.exe
1136	Unicorn-26263.exe
2944	Unicorn-13910.exe
3060	Unicorn-32293.exe
2248	Unicorn-53481.exe
2148	Unicorn-37699.exe
772	Unicorn-24701.exe
360	Unicorn-58120.exe
1792	Unicorn-12811.exe
2880	Unicorn-43075.exe
1384	Unicorn-12811.exe
2364	Unicorn-49205.exe
2368	Unicorn-30731.exe
908	Unicorn-23139.exe
1108	Unicorn-13387.exe
808	Unicorn-19055.exe
2480	Unicorn-61271.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2040	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	30
PID 2220 wrote to memory of 2040	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	30
PID 2220 wrote to memory of 2040	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	30
PID 2220 wrote to memory of 2040	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	30
PID 2040 wrote to memory of 2776	2040	Unicorn-23964.exe	31
PID 2040 wrote to memory of 2776	2040	Unicorn-23964.exe	31
PID 2040 wrote to memory of 2776	2040	Unicorn-23964.exe	31
PID 2040 wrote to memory of 2776	2040	Unicorn-23964.exe	31
PID 2220 wrote to memory of 2780	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	32
PID 2220 wrote to memory of 2780	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	32
PID 2220 wrote to memory of 2780	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	32
PID 2220 wrote to memory of 2780	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	32
PID 2776 wrote to memory of 2688	2776	Unicorn-21909.exe	33
PID 2776 wrote to memory of 2688	2776	Unicorn-21909.exe	33
PID 2776 wrote to memory of 2688	2776	Unicorn-21909.exe	33
PID 2776 wrote to memory of 2688	2776	Unicorn-21909.exe	33
PID 2220 wrote to memory of 2740	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	34
PID 2220 wrote to memory of 2740	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	34
PID 2220 wrote to memory of 2740	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	34
PID 2220 wrote to memory of 2740	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	34
PID 2040 wrote to memory of 2592	2040	Unicorn-23964.exe	36
PID 2040 wrote to memory of 2592	2040	Unicorn-23964.exe	36
PID 2040 wrote to memory of 2592	2040	Unicorn-23964.exe	36
PID 2040 wrote to memory of 2592	2040	Unicorn-23964.exe	36
PID 2780 wrote to memory of 2576	2780	Unicorn-10211.exe	35
PID 2780 wrote to memory of 2576	2780	Unicorn-10211.exe	35
PID 2780 wrote to memory of 2576	2780	Unicorn-10211.exe	35
PID 2780 wrote to memory of 2576	2780	Unicorn-10211.exe	35
PID 2688 wrote to memory of 2960	2688	Unicorn-11685.exe	37
PID 2688 wrote to memory of 2960	2688	Unicorn-11685.exe	37
PID 2688 wrote to memory of 2960	2688	Unicorn-11685.exe	37
PID 2688 wrote to memory of 2960	2688	Unicorn-11685.exe	37
PID 2776 wrote to memory of 392	2776	Unicorn-21909.exe	38
PID 2776 wrote to memory of 392	2776	Unicorn-21909.exe	38
PID 2776 wrote to memory of 392	2776	Unicorn-21909.exe	38
PID 2776 wrote to memory of 392	2776	Unicorn-21909.exe	38
PID 2780 wrote to memory of 1288	2780	Unicorn-10211.exe	39
PID 2780 wrote to memory of 1288	2780	Unicorn-10211.exe	39
PID 2780 wrote to memory of 1288	2780	Unicorn-10211.exe	39
PID 2780 wrote to memory of 1288	2780	Unicorn-10211.exe	39
PID 2592 wrote to memory of 2808	2592	Unicorn-47051.exe	40
PID 2592 wrote to memory of 2808	2592	Unicorn-47051.exe	40
PID 2592 wrote to memory of 2808	2592	Unicorn-47051.exe	40
PID 2592 wrote to memory of 2808	2592	Unicorn-47051.exe	40
PID 2576 wrote to memory of 1056	2576	Unicorn-36190.exe	41
PID 2576 wrote to memory of 1056	2576	Unicorn-36190.exe	41
PID 2576 wrote to memory of 1056	2576	Unicorn-36190.exe	41
PID 2576 wrote to memory of 1056	2576	Unicorn-36190.exe	41
PID 2040 wrote to memory of 2828	2040	Unicorn-23964.exe	42
PID 2040 wrote to memory of 2828	2040	Unicorn-23964.exe	42
PID 2040 wrote to memory of 2828	2040	Unicorn-23964.exe	42
PID 2040 wrote to memory of 2828	2040	Unicorn-23964.exe	42
PID 2740 wrote to memory of 2948	2740	Unicorn-7501.exe	43
PID 2740 wrote to memory of 2948	2740	Unicorn-7501.exe	43
PID 2740 wrote to memory of 2948	2740	Unicorn-7501.exe	43
PID 2740 wrote to memory of 2948	2740	Unicorn-7501.exe	43
PID 2220 wrote to memory of 2932	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	44
PID 2220 wrote to memory of 2932	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	44
PID 2220 wrote to memory of 2932	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	44
PID 2220 wrote to memory of 2932	2220	ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe	44
PID 2960 wrote to memory of 468	2960	Unicorn-51239.exe	45
PID 2960 wrote to memory of 468	2960	Unicorn-51239.exe	45
PID 2960 wrote to memory of 468	2960	Unicorn-51239.exe	45
PID 2960 wrote to memory of 468	2960	Unicorn-51239.exe	45

C:\Users\Admin\AppData\Local\Temp\ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe
"C:\Users\Admin\AppData\Local\Temp\ce9d29f168e3e25f85d9bdad817df8cbdd7dcc6327de8793e352b5c28214bdc0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16066.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        9⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
        9⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        8⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        8⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12811.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60985.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17906.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25303.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        7⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33494.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51431.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        8⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37180.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        7⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        7⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5323.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40445.exe
        6⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        7⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28062.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
        6⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        7⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        7⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        7⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        6⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        7⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53252.exe
        7⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
        7⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        6⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
        6⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39326.exe
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
        6⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13180.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        6⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16637.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59064.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
        5⤵
        
        PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37403.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21904.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        7⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        7⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
        7⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4515.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
        6⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        6⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28770.exe
        6⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
        5⤵
        
        PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28453.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        5⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        5⤵
        
        PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
        6⤵
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        6⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
        5⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        5⤵
        
        PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
        5⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
      4⤵
      PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
      4⤵
      PID:4908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32978.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
        6⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        6⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
        6⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        6⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        6⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        6⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
        5⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25303.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        5⤵
        
        PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32978.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
        6⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
        6⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        6⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
        5⤵
        
        PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
        5⤵
        
        PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
        5⤵
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        5⤵
        
        PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
      4⤵
      PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16637.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
      4⤵
      PID:3620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57745.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48873.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        6⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
        5⤵
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        5⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        5⤵
        
        PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
      4⤵
      Executes dropped EXE
      PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exe
      4⤵
      PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
      4⤵
      PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
      4⤵
      PID:2044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47705.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        5⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        5⤵
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28770.exe
        5⤵
        
        PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
      4⤵
      PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
      4⤵
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
      4⤵
      PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28770.exe
      4⤵
      PID:4836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
      4⤵
      PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe
    3⤵
    PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
    3⤵
    PID:3768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
    3⤵
    PID:3436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
    3⤵
    PID:4900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36190.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40710.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        7⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        6⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
        6⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        6⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        6⤵
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        6⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        5⤵
        
        PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
        5⤵
        
        PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28453.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        5⤵
        
        PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32188.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16637.exe
        6⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        6⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43729.exe
        5⤵
        
        PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        5⤵
        
        PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13910.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
        5⤵
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47674.exe
        5⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        5⤵
        
        PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
      4⤵
      PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
      4⤵
      PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
      4⤵
      PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
      4⤵
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
      4⤵
      PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49656.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39112.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63071.exe
        6⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
        5⤵
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48411.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53984.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
        5⤵
        
        PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12811.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
        5⤵
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        5⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        5⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32963.exe
        5⤵
        
        PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43542.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
      4⤵
      PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
      4⤵
      PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56695.exe
      4⤵
      PID:4964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
        5⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        5⤵
        
        PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
      4⤵
      PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
      4⤵
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
      4⤵
      PID:4532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
      4⤵
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28770.exe
      4⤵
      PID:4924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe
    3⤵
    PID:1332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58789.exe
    3⤵
    PID:3624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
    3⤵
    PID:3460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17417.exe
    3⤵
    PID:4852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7501.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7501.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59345.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
        6⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        6⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
        6⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56003.exe
        5⤵
        
        PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19437.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29574.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58120.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        5⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        5⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        5⤵
        
        PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
      4⤵
      PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25303.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
      4⤵
      PID:4200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18396.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54820.exe
        5⤵
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37623.exe
        5⤵
        
        PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
      4⤵
      PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50949.exe
      4⤵
      PID:2276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30547.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
      4⤵
      PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 188
        6⤵
        Program crash
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17518.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        5⤵
        
        PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
      4⤵
      PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
      4⤵
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
      4⤵
      PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
      4⤵
      PID:4152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52038.exe
    3⤵
    PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
    3⤵
    PID:1284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
    3⤵
    PID:1604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
    3⤵
    PID:3488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
        5⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
        5⤵
        
        PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
      4⤵
      PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
      4⤵
      PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
      4⤵
      PID:4932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
      4⤵
      PID:4756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
    3⤵
    PID:1112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62902.exe
    3⤵
    PID:4384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19247.exe
    3⤵
    PID:1876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
    3⤵
    PID:4004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
    3⤵
    PID:4252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
    3⤵
    PID:5000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10117.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10117.exe
  2⤵
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34151.exe
    3⤵
    PID:888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
    3⤵
    PID:3128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30233.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
    3⤵
    PID:4208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
  2⤵
  PID:2680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61173.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61173.exe
  2⤵
  PID:3120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
  2⤵
  PID:3168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
  2⤵
  PID:4112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
  2⤵
  PID:5024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe

Filesize
468KB

MD5
06643a2bc5dc089c0be033c814e7a258

SHA1
5a151f9ebc7cc1b0fa7c322831e09cf719aeee41

SHA256
168ac2c7e6e288ae5716bb14e2ee10ca7a4b606c62e72ff6810f0fd2ea365803

SHA512
ba872be9c59b48665a68ae75414664560a9caf16301990f606b9a3f3cffb51ef775fe8a278f39f94e56ef92700f06ccd0bb2747d424ba71803562af802327508

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe

Filesize
468KB

MD5
9d89f83199371b9beaa3bb60384aadd8

SHA1
04780328f5910e13fa4f56ad6a4e9cfe281ebd77

SHA256
2ab7fbdd3ea771b85f0782e8c924ae086e47b0d0faf4dddcae9c6e316817b0a6

SHA512
ed56d3d69a6eff780048e5d7a3db251df655c9ff25ae01a571524b10c355ffd2c12af5d5642da1c5e7b82017098755dee57b17c9c5edaf4f138b78ca7423ebc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe

Filesize
468KB

MD5
d875872b372e5508e98c6a6ec721041d

SHA1
0ca7fff6a4000cc989019fc411f4ce3bea89359f

SHA256
9e99c12837d43841faed66daa93d67e8e48f8c14b7dffc515804d4589ae4e5a7

SHA512
bf1da416fb15e514da20d02f2606b0d3218b02d2b45b5b8d482060be1ffe3c16d1b748255e41b0647a76c59c4e74b903fefdafc5f3e3e0319c6e25015e660f87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe

Filesize
468KB

MD5
6c0a8b24a7a727fccd410557b142dd7a

SHA1
1bb06dc0dc195e33a9c32532d2c415cfdf4b1540

SHA256
1e9e717d3a9ca945fbd6311aa966f737a5f0ab682f43b7661854ed84378cd204

SHA512
9a6153880bcc27233ead7b3dfbf89f521c5235a6a631c149e283c703f797a5248101e9e031e4cbc6b8e7d03e85f7a85ce55ead95d9bf23e2d0eb86add4785561

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49656.exe

Filesize
468KB

MD5
67a8035f773fdb1f69495c9d0482b4aa

SHA1
429b0a13c9719bb20b68efc469790a5c45bc6fd1

SHA256
44b8aa1f82e0c2c4a63ce856dd76fb5949c0c9c28eb0406f853409e452bf9a92

SHA512
5009925e3854f9969be280bb4a4c093239d615572c853852abc10df56efad890ed0c8fb6944bfeddbcebcc0757b00fde2fa646a7c03815aff6dfe2ad3e4dfa44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe

Filesize
468KB

MD5
63ffc6010c1c9318bc3410502b4ac56e

SHA1
4533329ff6c7b08771225cae8ab09a66a3a1632e

SHA256
8aebc362d5a25ba177a9169552dcaa0e87699aece12016a2e5eef990f968a6cb

SHA512
b391e6462c0fbc066e13d4cd79f864eff84d213bf52dcb7d5c564fa65cddddea35b55ec54d8ec9c80b2eb55db59fe7163646bdbe11c0270abae0eb6835bcab4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe

Filesize
468KB

MD5
65f2063a2a2f1afce42f1df7c6750779

SHA1
281e8aec99ace852dad4c77dbc9fda319b7e8779

SHA256
835186bf9fb311e811f441aae4d32d7faa4f6c0d2617f26102afbd09fd90b2f0

SHA512
70c048f3d699d2b673a07063d740c66920103bddc6fe94d339356ed7408ca0f38cbc5901053908a993fcb6262062006e614a5f0a8f84aa66dddf8538cd5db7c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7501.exe

Filesize
468KB

MD5
f38c159aeea49cb147468abfb4e31d11

SHA1
80e7ebe41061798f7d9890d8eed90076e7118c93

SHA256
4707441cbe94f40b4b47dc41a50c7dd43a2926642ec2a1803bbbea0102e415da

SHA512
a8d14eeb618a4881a7fcc4dec4a9653cd5bc920a64799210cd2db97be98e4b54114d90ca070ce0225c3dcd58e9f935e855b238da8e9976104d74b040affd2ef0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe

Filesize
468KB

MD5
de79cedd3ddc2f891021b3763c4c706b

SHA1
baf3f93afd6af73078d2efb8d434a2760a3edea8

SHA256
9081f8e8d75510649df10d9be4bcb5df9dc7df9f56cad35a56e710a45ebd50ee

SHA512
47508de378ba0dc50000882bec6111869203649c8e019c8140ade30958be39304cf23c02f453ebf0ca2c43e7c96d050386a28f7263a7cfff8f48b5330959ebce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe

Filesize
468KB

MD5
a584f89aee4f47f22dfea4317af444fb

SHA1
4cd9709126ac95b3d3aec0f0518e1d58c193f00f

SHA256
7f29138d31ab90ca6465906494849616068966c526ce4085352cde39065d1571

SHA512
777a5668e6628ad0f622e8da8910f4e44bf6f8b7fd86b9be64771932424244adfaa80f12f38ee680c38609da57eff4f1efe36f4a7774cef843ce4613cc25a1bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe

Filesize
468KB

MD5
737864a8777a2044843ca46964412d7d

SHA1
4fd385a6b3feb9123c9b45d05a372b15754619b6

SHA256
4e9f08df234d6821009942ad3cd8b3ce0e4f44896d00274d7b77863c07224a24

SHA512
d28f443125c2ff8b5c0a921ffda0cc67588ade4856a8dc02f53016369a2426c2d8853c11f480069e3a3bfeea5a60f9b06300d48af68ad35fdc5b3447f7ddfa4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe

Filesize
468KB

MD5
b1580b14d6d7bc43a320f86cb2638141

SHA1
29f43cf03c5e2b7203cfc8e6f581817c02da1c07

SHA256
29a6ac7c38ad1f343a079e8a8903eb2ecfb2b2a1b9f220b00c7e2015abaa9c52

SHA512
303bb61441a56f235d08e8f066f617a54ebd3ac28a4df70b3a021da8fa2f3e9145ec3519e976dc5c88c9e8fc30fc490f1a3ebf8351fac50688ec24cf553d57d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe

Filesize
468KB

MD5
af1a1f002fe83ea37bd8e334ce24a836

SHA1
99baa222d4ec3bdae8cc2f346887399122cf7e9e

SHA256
ef80b3ddf28edbd6cc22ff4fee0a5b6c03d0cdf6186bc6682f5ea524aa280a21

SHA512
84c3c38409b21b76287a05622370d61d195d488b9a24593f55c400e3b06630a777cf598956c25339d222f9a4dca8eed7b43aaaa80f918e557807dc5d18a5fee9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36190.exe

Filesize
468KB

MD5
a4b729f9993fc5472a43555fe59a007b

SHA1
1aad0f9e487efd819b207596c1162fd59aa1342c

SHA256
915aab1e8f71da890e7bbab85c114652027a9b5cfd219ed66d24eb0b1d6bc896

SHA512
2230c84edf7b3007f1512b70ee3f4e90a7aa0e8ff7d25994ce27edb6afb059a26b3a7f394ed1ad38950a9bd0306b5ef456a96de6a5aeaa60066593d8b3b02775

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37403.exe

Filesize
468KB

MD5
0d69da6c51b3d8eeb3e85545c8f002bb

SHA1
a5df8608ec310ddc7bfda1f7975e29b27ddd6ca9

SHA256
aa08a00252739852cf9c3d4e758107ba80ecee56a6ffae3b1c199d99a1e5aad0

SHA512
f5f8095914f9e9b68acd77743369cd0ab0ab89b9428de0cc2376b9d76081aeef4059e582c761a5bdc83372f0b21aa9b92e95e6c7e24d3d1c586da874150d1ba1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe

Filesize
468KB

MD5
e8d4023f62380bb361c6f782cdfc7bca

SHA1
9b753caa713495225cacc800d8c654b4b4cf4986

SHA256
31eea100b4cdaa3758551b7945c8001eac23e9e97f435688273be3dc70500875

SHA512
c84342246f4b8794137911a4af2e2098df0234720e35ab7f069ac7b7c499a2902a4ca1d6ecea1a808920b3e50f5170ba67c067f3c492c23a186ca136120bb394

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe

Filesize
468KB

MD5
91a5d7d4877e4f9bb361effe2a68e0b6

SHA1
1d0a45d8485e2c458eca1dc10c1bf9614e353504

SHA256
b8704ae7c79fca8159d21d6c4c5ec24321d428eedaab3e5f7bc881b253c1e3ae

SHA512
5bae2d95694bce94ef10a9ea557d60fd669f23d974028f5db34fb9f4d74ef8f73bb5ff10f8289a728b1dce53f0e57b60be2928009227ec2c70cbcedd827f6877

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57745.exe

Filesize
468KB

MD5
463b4dbacf1020f53ffbe761d3240ef0

SHA1
e5ed0ee671cfc130e3dbe7fbbfdbb247363a57ed

SHA256
5a983d9cc2b338e58f4ca66d2c031f6be335d04a3738e6b82e5aea8da64f400d

SHA512
25bdde5db46105a072dbd97e219846baf23d313e3103faa7f762e2ca38e48dfddf83b8039b8538e43646919ca762d6665978cc097dac0bfefe1be21a0c9fd608

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59345.exe

Filesize
468KB

MD5
bc3dd6650d5aadeeec1641267a83d26e

SHA1
c2d88eb446c70ff404a95413099aefdcff803ffb

SHA256
eb58b8df7ed2a73f1f234970a5d39b30891a08d58878e25b5cbd4932fb7d11cf

SHA512
2527d8b3f381cf654dff76dcfb0ad3b61dd03eb1c3b218e75a33623046dfe7a6b866f053cafe2b7180b52040cfa06886f5252320378b6045d616bd95e68f28ed

Download Submit