187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe
Size

468KB
MD5

e1e1c19731047dbbf98148cd48e32260
SHA1

1811f36ed722f24c6a8155126bc7730461f784b5
SHA256

187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8
SHA512

1bbb91c7c1607be9b0d5583da201fa87d9861a6badcea0b18e75cb1179b8159465b76137cfee05fe7ffbd468489c0a54334b8254a5130c486ec304acf5d53fba
SSDEEP

3072:PbACogId605UtbYJPYamff8gHpbMPIp2nmHexVbA4J5LyYWW9slk:Pb1oi8UtOPfmffc0UI4JVHWW9

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2788	Unicorn-24508.exe
2384	Unicorn-55037.exe
2780	Unicorn-1155.exe
2624	Unicorn-15540.exe
1892	Unicorn-59910.exe
2736	Unicorn-43382.exe
1968	Unicorn-31003.exe
2032	Unicorn-42007.exe
1940	Unicorn-3204.exe
2128	Unicorn-17887.exe
2944	Unicorn-22525.exe
2060	Unicorn-28167.exe
2552	Unicorn-27902.exe
572	Unicorn-8301.exe
520	Unicorn-27456.exe
1452	Unicorn-63047.exe
1772	Unicorn-29606.exe
916	Unicorn-26888.exe
1972	Unicorn-33987.exe
1268	Unicorn-8912.exe
648	Unicorn-1698.exe
1008	Unicorn-47370.exe
1796	Unicorn-1698.exe
2952	Unicorn-36601.exe
544	Unicorn-36601.exe
2028	Unicorn-546.exe
1904	Unicorn-49939.exe
2000	Unicorn-30073.exe
2432	Unicorn-665.exe
1716	Unicorn-11485.exe
1936	Unicorn-40135.exe
2904	Unicorn-35414.exe
1020	Unicorn-52719.exe
1492	Unicorn-40889.exe
2476	Unicorn-25905.exe
1056	Unicorn-22908.exe
2812	Unicorn-38018.exe
3004	Unicorn-8875.exe
2784	Unicorn-8875.exe
2756	Unicorn-62907.exe
2744	Unicorn-61563.exe
2612	Unicorn-40396.exe
2580	Unicorn-40396.exe
2636	Unicorn-40396.exe
2620	Unicorn-65284.exe
1696	Unicorn-34841.exe
2632	Unicorn-15506.exe
2080	Unicorn-40972.exe
2012	Unicorn-13597.exe
2936	Unicorn-4168.exe
1208	Unicorn-23769.exe
2840	Unicorn-4364.exe
456	Unicorn-24034.exe
1232	Unicorn-24034.exe
2988	Unicorn-25954.exe
2800	Unicorn-25689.exe
2332	Unicorn-55673.exe
616	Unicorn-41522.exe
2232	Unicorn-22040.exe
1736	Unicorn-33930.exe
1628	Unicorn-54403.exe
2356	Unicorn-39898.exe
1540	Unicorn-59036.exe
2524	Unicorn-22192.exe

Loads dropped DLL 64 IoCs

pid	Process
2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe
2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe
2788	Unicorn-24508.exe
2788	Unicorn-24508.exe
2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe
2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe
2780	Unicorn-1155.exe
2384	Unicorn-55037.exe
2788	Unicorn-24508.exe
2788	Unicorn-24508.exe
2384	Unicorn-55037.exe
2780	Unicorn-1155.exe
2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe
2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe
2624	Unicorn-15540.exe
2624	Unicorn-15540.exe
2788	Unicorn-24508.exe
2788	Unicorn-24508.exe
2736	Unicorn-43382.exe
2736	Unicorn-43382.exe
2384	Unicorn-55037.exe
2384	Unicorn-55037.exe
2780	Unicorn-1155.exe
2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe
1968	Unicorn-31003.exe
2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe
1968	Unicorn-31003.exe
2780	Unicorn-1155.exe
2032	Unicorn-42007.exe
2032	Unicorn-42007.exe
1892	Unicorn-59910.exe
1892	Unicorn-59910.exe
2624	Unicorn-15540.exe
2624	Unicorn-15540.exe
2552	Unicorn-27902.exe
2552	Unicorn-27902.exe
2060	Unicorn-28167.exe
2060	Unicorn-28167.exe
2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe
2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe
572	Unicorn-8301.exe
2944	Unicorn-22525.exe
1968	Unicorn-31003.exe
1968	Unicorn-31003.exe
572	Unicorn-8301.exe
2944	Unicorn-22525.exe
2384	Unicorn-55037.exe
2780	Unicorn-1155.exe
2780	Unicorn-1155.exe
2384	Unicorn-55037.exe
2128	Unicorn-17887.exe
2128	Unicorn-17887.exe
1940	Unicorn-3204.exe
2736	Unicorn-43382.exe
1940	Unicorn-3204.exe
2736	Unicorn-43382.exe
2788	Unicorn-24508.exe
2788	Unicorn-24508.exe
520	Unicorn-27456.exe
520	Unicorn-27456.exe
2032	Unicorn-42007.exe
2032	Unicorn-42007.exe
1452	Unicorn-63047.exe
1452	Unicorn-63047.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
920	1788	WerFault.exe	160

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29606.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe
2788	Unicorn-24508.exe
2384	Unicorn-55037.exe
2780	Unicorn-1155.exe
1892	Unicorn-59910.exe
2624	Unicorn-15540.exe
2736	Unicorn-43382.exe
1968	Unicorn-31003.exe
2032	Unicorn-42007.exe
2128	Unicorn-17887.exe
2552	Unicorn-27902.exe
572	Unicorn-8301.exe
2944	Unicorn-22525.exe
2060	Unicorn-28167.exe
1940	Unicorn-3204.exe
520	Unicorn-27456.exe
1452	Unicorn-63047.exe
1772	Unicorn-29606.exe
916	Unicorn-26888.exe
1008	Unicorn-47370.exe
648	Unicorn-1698.exe
1972	Unicorn-33987.exe
1268	Unicorn-8912.exe
1796	Unicorn-1698.exe
544	Unicorn-36601.exe
2952	Unicorn-36601.exe
2028	Unicorn-546.exe
1904	Unicorn-49939.exe
2000	Unicorn-30073.exe
2432	Unicorn-665.exe
1716	Unicorn-11485.exe
1936	Unicorn-40135.exe
2904	Unicorn-35414.exe
1020	Unicorn-52719.exe
1492	Unicorn-40889.exe
2476	Unicorn-25905.exe
1056	Unicorn-22908.exe
2812	Unicorn-38018.exe
2756	Unicorn-62907.exe
2784	Unicorn-8875.exe
2744	Unicorn-61563.exe
3004	Unicorn-8875.exe
2580	Unicorn-40396.exe
2620	Unicorn-65284.exe
2632	Unicorn-15506.exe
2080	Unicorn-40972.exe
2636	Unicorn-40396.exe
2612	Unicorn-40396.exe
1696	Unicorn-34841.exe
2012	Unicorn-13597.exe
456	Unicorn-24034.exe
2936	Unicorn-4168.exe
2840	Unicorn-4364.exe
1208	Unicorn-23769.exe
1232	Unicorn-24034.exe
2988	Unicorn-25954.exe
2800	Unicorn-25689.exe
2332	Unicorn-55673.exe
616	Unicorn-41522.exe
2232	Unicorn-22040.exe
1736	Unicorn-33930.exe
1628	Unicorn-54403.exe
1540	Unicorn-59036.exe
2356	Unicorn-39898.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2788	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	30
PID 2664 wrote to memory of 2788	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	30
PID 2664 wrote to memory of 2788	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	30
PID 2664 wrote to memory of 2788	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	30
PID 2788 wrote to memory of 2384	2788	Unicorn-24508.exe	31
PID 2788 wrote to memory of 2384	2788	Unicorn-24508.exe	31
PID 2788 wrote to memory of 2384	2788	Unicorn-24508.exe	31
PID 2788 wrote to memory of 2384	2788	Unicorn-24508.exe	31
PID 2664 wrote to memory of 2780	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	32
PID 2664 wrote to memory of 2780	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	32
PID 2664 wrote to memory of 2780	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	32
PID 2664 wrote to memory of 2780	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	32
PID 2788 wrote to memory of 2624	2788	Unicorn-24508.exe	35
PID 2788 wrote to memory of 2624	2788	Unicorn-24508.exe	35
PID 2788 wrote to memory of 2624	2788	Unicorn-24508.exe	35
PID 2788 wrote to memory of 2624	2788	Unicorn-24508.exe	35
PID 2384 wrote to memory of 2736	2384	Unicorn-55037.exe	34
PID 2384 wrote to memory of 2736	2384	Unicorn-55037.exe	34
PID 2384 wrote to memory of 2736	2384	Unicorn-55037.exe	34
PID 2384 wrote to memory of 2736	2384	Unicorn-55037.exe	34
PID 2780 wrote to memory of 1892	2780	Unicorn-1155.exe	33
PID 2780 wrote to memory of 1892	2780	Unicorn-1155.exe	33
PID 2780 wrote to memory of 1892	2780	Unicorn-1155.exe	33
PID 2780 wrote to memory of 1892	2780	Unicorn-1155.exe	33
PID 2664 wrote to memory of 1968	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	36
PID 2664 wrote to memory of 1968	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	36
PID 2664 wrote to memory of 1968	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	36
PID 2664 wrote to memory of 1968	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	36
PID 2624 wrote to memory of 2032	2624	Unicorn-15540.exe	37
PID 2624 wrote to memory of 2032	2624	Unicorn-15540.exe	37
PID 2624 wrote to memory of 2032	2624	Unicorn-15540.exe	37
PID 2624 wrote to memory of 2032	2624	Unicorn-15540.exe	37
PID 2788 wrote to memory of 1940	2788	Unicorn-24508.exe	38
PID 2788 wrote to memory of 1940	2788	Unicorn-24508.exe	38
PID 2788 wrote to memory of 1940	2788	Unicorn-24508.exe	38
PID 2788 wrote to memory of 1940	2788	Unicorn-24508.exe	38
PID 2736 wrote to memory of 2128	2736	Unicorn-43382.exe	39
PID 2736 wrote to memory of 2128	2736	Unicorn-43382.exe	39
PID 2736 wrote to memory of 2128	2736	Unicorn-43382.exe	39
PID 2736 wrote to memory of 2128	2736	Unicorn-43382.exe	39
PID 2384 wrote to memory of 2944	2384	Unicorn-55037.exe	40
PID 2384 wrote to memory of 2944	2384	Unicorn-55037.exe	40
PID 2384 wrote to memory of 2944	2384	Unicorn-55037.exe	40
PID 2384 wrote to memory of 2944	2384	Unicorn-55037.exe	40
PID 2664 wrote to memory of 2552	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	42
PID 2664 wrote to memory of 2552	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	42
PID 2664 wrote to memory of 2552	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	42
PID 2664 wrote to memory of 2552	2664	187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe	42
PID 1968 wrote to memory of 2060	1968	Unicorn-31003.exe	43
PID 1968 wrote to memory of 2060	1968	Unicorn-31003.exe	43
PID 1968 wrote to memory of 2060	1968	Unicorn-31003.exe	43
PID 1968 wrote to memory of 2060	1968	Unicorn-31003.exe	43
PID 2780 wrote to memory of 572	2780	Unicorn-1155.exe	41
PID 2780 wrote to memory of 572	2780	Unicorn-1155.exe	41
PID 2780 wrote to memory of 572	2780	Unicorn-1155.exe	41
PID 2780 wrote to memory of 572	2780	Unicorn-1155.exe	41
PID 2032 wrote to memory of 520	2032	Unicorn-42007.exe	44
PID 2032 wrote to memory of 520	2032	Unicorn-42007.exe	44
PID 2032 wrote to memory of 520	2032	Unicorn-42007.exe	44
PID 2032 wrote to memory of 520	2032	Unicorn-42007.exe	44
PID 1892 wrote to memory of 1452	1892	Unicorn-59910.exe	45
PID 1892 wrote to memory of 1452	1892	Unicorn-59910.exe	45
PID 1892 wrote to memory of 1452	1892	Unicorn-59910.exe	45
PID 1892 wrote to memory of 1452	1892	Unicorn-59910.exe	45

C:\Users\Admin\AppData\Local\Temp\187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe
"C:\Users\Admin\AppData\Local\Temp\187196fed597462b619d79903d02f198fbc90fa23a3000f54133d933f40508c8N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55037.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43382.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        8⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        8⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        8⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28935.exe
        8⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        7⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        7⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37103.exe
        7⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe
        6⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        6⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58210.exe
        6⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
        7⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        7⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        7⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        6⤵
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        6⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        6⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34841.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28871.exe
        6⤵
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34903.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        6⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12077.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64479.exe
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
        5⤵
        
        PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1698.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        6⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4366.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        7⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        7⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        7⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        6⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42583.exe
        6⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        6⤵
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        6⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45554.exe
        5⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
        6⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65167.exe
        6⤵
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        6⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
        5⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        5⤵
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52473.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
        5⤵
        
        PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40972.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        5⤵
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
        5⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        5⤵
        
        PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23769.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
      4⤵
      PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27771.exe
      4⤵
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
      4⤵
      PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41522.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42583.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        7⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22040.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        7⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe
        6⤵
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11572.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5748.exe
        6⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        6⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
        6⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
        5⤵
        
        PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        5⤵
        
        PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        5⤵
        
        PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10483.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15732.exe
        7⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
        6⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
        6⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1526.exe
        6⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
        6⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        5⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63846.exe
        5⤵
        
        PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        5⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        5⤵
        
        PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
      4⤵
      PID:740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
      4⤵
      PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10705.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
      4⤵
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58210.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3204.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
        6⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55224.exe
        5⤵
        
        PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe
      4⤵
      PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
      4⤵
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
      4⤵
      PID:4220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33930.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56580.exe
        5⤵
        
        PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        5⤵
        
        PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54403.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39090.exe
      4⤵
      PID:4404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24173.exe
    3⤵
    PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
    3⤵
    PID:4892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25954.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16188.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        7⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27349.exe
        6⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4448.exe
        6⤵
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
        6⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        5⤵
        
        PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64760.exe
        5⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3790.exe
        6⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        6⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41485.exe
        5⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35536.exe
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        5⤵
        
        PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
      4⤵
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        5⤵
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58752.exe
      4⤵
      PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
      4⤵
      PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3630.exe
      4⤵
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
      4⤵
      PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
      4⤵
      PID:5008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1698.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8875.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        6⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        5⤵
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        5⤵
        
        PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        5⤵
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        5⤵
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7724.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        5⤵
        
        PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe
      4⤵
      PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
      4⤵
      PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe
      4⤵
      PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
      4⤵
      PID:4708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        5⤵
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe
        5⤵
        
        PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
      4⤵
      PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56392.exe
      4⤵
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
      4⤵
      PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35536.exe
      4⤵
      PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61934.exe
      4⤵
      PID:4428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25689.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
      4⤵
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
      4⤵
      PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1316.exe
      4⤵
      PID:4628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
    3⤵
    PID:1660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
    3⤵
    PID:3844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19078.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
    3⤵
    PID:4912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8875.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21170.exe
        6⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        6⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
        6⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        5⤵
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61934.exe
        5⤵
        
        PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22192.exe
        5⤵
        Executes dropped EXE
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        6⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1526.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
        6⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        5⤵
        
        PID:272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        5⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        5⤵
        
        PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
      4⤵
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        5⤵
        
        PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61670.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
        5⤵
        
        PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23573.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1788
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 188
        5⤵
        Program crash
        
        PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
      4⤵
      PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
      4⤵
      PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        5⤵
        
        PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2474.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
      4⤵
      PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
      4⤵
      PID:4148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
      4⤵
      PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
      4⤵
      PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25083.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
    3⤵
    PID:376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54277.exe
    3⤵
    PID:3268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10705.exe
    3⤵
    PID:3808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36067.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58210.exe
    3⤵
    PID:4684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
        6⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        6⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61670.exe
        6⤵
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        6⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29186.exe
        5⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        6⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61934.exe
        6⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        6⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32065.exe
      4⤵
      PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
      4⤵
      PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10705.exe
      4⤵
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
      4⤵
      PID:5036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
      4⤵
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        5⤵
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        5⤵
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
      4⤵
      PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61934.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41085.exe
    3⤵
    PID:1516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
    3⤵
    PID:1800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
    3⤵
    PID:1880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
    3⤵
    PID:4808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
      4⤵
      PID:5088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
    3⤵
    PID:680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47530.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30332.exe
      4⤵
      PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23069.exe
      4⤵
      PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
      4⤵
      PID:4548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
    3⤵
    PID:3236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
    3⤵
    PID:4116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
    3⤵
    PID:2316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31598.exe
    3⤵
    PID:4064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
    3⤵
    PID:3824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19009.exe
    3⤵
    PID:4600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17642.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17642.exe
  2⤵
  PID:2964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
  2⤵
  PID:3080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe
  2⤵
  PID:3548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
  2⤵
  PID:4296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
  2⤵
  PID:5000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe

Filesize
468KB

MD5
f89ec2a530d88a109897c167e5306df7

SHA1
7b83aa3c7d379bea711238ee94cea70552995cf5

SHA256
e29a67a7ee2406c0d23762e39c87727cac34f78906c4175ba47bac1fb1da05ef

SHA512
d03ef3b056e9e0b7a768d705e8a8dbcdf41a300baa1b18e3b516af84264f24fdb6c7673fc13496e94d946c262dbbed87aa4d776ea9e8ace3f5b1ee7c73ad7955

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31598.exe

Filesize
468KB

MD5
8ac21633ccac21bc699373596a87a165

SHA1
02463fb1321d5a05f6c6e5a1a3cdf87dccf3e7d8

SHA256
b129def74d4f60ccc1d32aa8f97a74c2fa408514a90bc040663244227e232cd4

SHA512
51fb1bbacd69634f88d7d19cfe78e3a7abc5fd91596314bd0dea7ce3717b21dc210437b15d50581e1184065e3afd558a76ba7ebdab4b4b83210e24124843fc17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3204.exe

Filesize
468KB

MD5
34255e15434c7e8b9c4ba2cece52465b

SHA1
f7ea14c1f8634d5f8a6e9cf709085f87b014a3ee

SHA256
d7e08ba94e50ba0b3fcf7633a0fa8e99c51a947014fb9d51bdaa28363fcc33ed

SHA512
b2b85e21768c4d482cc40a5278b1334807c500d686ebc0ce85d7dbaaff3e72d12e058f54e64aa0523bb1aa0b57484be370507ff1f76efaf815157b477f165a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe

Filesize
468KB

MD5
516e8e2f00670ff4a754178561494135

SHA1
de95526da4be5c4c46747bba8a500a7b4253e1e3

SHA256
e847b61fcee93dba428ac139f91b08453f70e7e0e22f91fc1fc6da2e7ba9a354

SHA512
71ebe503b1f1ef0db71704126c791e2f622d32d3adc9cd394465c81a99a6f319d59ccc801b07c0a160b1c29870349203294944a1fcdefe0aab6df895ef2006b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe

Filesize
468KB

MD5
45a1c862d117b85e5633dd65e225bab2

SHA1
ecf412c154a5f6fb8069470ed98326b02cafccfc

SHA256
45b73c17579550c802c1b32275cfc4c62c7e3eced43cfb4c16643cdc547e1cbb

SHA512
a09586b300a1de792cb0112e3b0e88eec8c18ba397ad70afb95b82c0804613a9e2ab0c48ceb7ee214bcbad068d0f4c9b908adc8b968b79daed904b5710c91204

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43382.exe

Filesize
468KB

MD5
1c441b6d035f2130cb396df38c88a75d

SHA1
e5b6ce342476451d85fd49dd4ad7a1806e6988f7

SHA256
31af8c9ea74217c4e73e4c5ed3cfba53fce8e7e07c64d5c2a524a37b095c7d27

SHA512
15d2af4cbfa0a25e982f02ef6bce0d1c1513d72abd856fa6f5d7ab1ce9032b56eb2c3a742ea7f14b39b47eda0bf2177837e3346b76c5bb36ee8af96f8e46b143

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe

Filesize
468KB

MD5
a862a8736d5b06a3e6fdafe2a3cd6f2c

SHA1
c2e6474aa43d1962d03e8e34c2c16ff9cde74b3b

SHA256
abafddcac48ac8881508593d0110000aca8152588dab0fb712c03c6fc19a2c68

SHA512
f93e0b80661ed1ad2f1a380732760a7a2ac3388fb813fc6f6def029f40684260c3c91b44031a3cfef688d7c69d9ed16126c983204398fef43b683226397eda4b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe

Filesize
468KB

MD5
ad4f1ceffd38faa0cf3a7ab3703862db

SHA1
fd6a5eee6c33e3b8e947eeb29eb5593fff388503

SHA256
d671f5cbc4b4b64618b052e782460eefed9b809716f90a37d20257c8cd105579

SHA512
dc9894e2f70312e22367eeed154cf5ef0897dc38a7ce0c25b0c35316f29e3220ce0d37093b8766406e0c3c8785de170365b6fdbede4b62183c2f3810812002ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe

Filesize
468KB

MD5
360f9ff7e0d0b97cc4a801205cf21f2e

SHA1
0f85094f41866e4211d89a39eb884b37c5b8e3ae

SHA256
0d531d36f5689e400ccc391b3f5fb56dfc1cde59a776de8e909b0f07198f08aa

SHA512
a2860f8d490132d9f7c90fd5d0c5164a0155daecc6189d209d2db0f9b0161719575cefb3e0a5ba09d040a759ef1d2ceac9d1ba5bc19b290dc31f18f992604211

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe

Filesize
468KB

MD5
bbec9407a00a97677ecbea57896ca0a8

SHA1
d2d499fcf9c7b49c8dc64b78c58307e84bc3d6ce

SHA256
b2d903b26e1006c1fd69e10ef7d260eaf9d8969d0ca787ecb61210faae61bced

SHA512
dfea75a8302980fb7ea4ec1d7b588cd266436ee78ba966f25a76e041d34bc15c2a9b7d2872ef2d8dfbc9f71a0c30d3a8c4656e60c374d0a27ca524f0aca0d702

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe

Filesize
468KB

MD5
8ee90adc3f23a260b07882d95c2d0530

SHA1
3517861fb7c82fb31e29235817a729c05ec92f05

SHA256
6cfb4fae359df71b0b3d5b09bb512c4e992caa0e63c87df8f991817f3d694e57

SHA512
eaa48a87035668bd3af1f67d885f259fddeaf76dabe36bc99a7e81316b8bf3e76a98c068e875f3d4673dd0afc0c985d1700bbd6fe8550789effaafa6d476d2c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe

Filesize
468KB

MD5
03ebb437f7d2ad40abe6fe9b1da52467

SHA1
8ac1c1845aa60dc7caaf5382e7fc60bdbf9ac79c

SHA256
ef8c552adb00664019c7a998752bd86a679118e306d54fd9cc64f01662bfc9c9

SHA512
68238c6a15376fabf6dfa0153453f15b36ac2762fc28293b215622bb945da32094acc155486f40b683f082c445a335a78a74ccf996b0f732e8238050373476bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe

Filesize
468KB

MD5
253fad828d885fa28f9e832baec8bd36

SHA1
eb8d23b565d03b92296a936bb71aa110a17c2142

SHA256
7677fa58c4c927b7c8e5711670bb00461fa3546a015ac67909a08a3592b7f5c2

SHA512
7a129cc7c76bb13885f82026fc01d3459969c55abd3bdafc35abe986ded61ddd5e02a9477ac4ddf7d33ef4bd51d7e0ec2ba665505408e42e3ce98203aadd4802

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe

Filesize
468KB

MD5
27352d7cdad1cbb7fd161e87c214218e

SHA1
4f810a3f043ceaf3cc5678a95f02502e035cece7

SHA256
923451568f615c3e477003c95e6146d41de76b8484b09de76eb4095b8a577c3e

SHA512
e540df8c64960bd095d4838b7f344492665f667c6e907b8509d98bbd2c7fe06e0309c94de2934638592db26ea0426ccaf28c36c8f48448d7855a177c89f5b555

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe

Filesize
468KB

MD5
dc3da0f83e11f4b0dd017a2b22878456

SHA1
a2a3027e8f50dc6bf8cef3ab7792277bcd7bec2e

SHA256
8a8285e296c6a54f52c86acccfcafd8df4670f1f7beb2f29c96938a052c7746a

SHA512
407a18e71c736116d95679882444e28b262a01dee7c121506ad52d30b2527183747c0d1c1818ea2df89ed85d0eeebba3881bbe3688b06e7dc1419102a3ad53ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29606.exe

Filesize
468KB

MD5
eb5e37d637de53a9e6f6c5430d00ae6d

SHA1
dc189cde3ed800ba4a0550a7627a490c9f8ef53e

SHA256
ccf967b6ec1ec46d77d3114429e19f1876055e67de1110b35a851f22e7cb1d77

SHA512
ac4407d47902c606133da8878a3f3fbd2f118d46a1e331f02c30bea3d112254b7815a99977b14db441ce42f530b71e0b31eec7aa5dbd071f6bf5ca96e1f2f145

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe

Filesize
468KB

MD5
4a478ce231a451496f188c4625c32e99

SHA1
2ce73597b14b0d6ee38d7baa8b2c8f686de78571

SHA256
22617e22f889ddc32aa5dee1c5c9ee78b1bb178855cce25b711b0e70ec95e266

SHA512
15af7b799aa2fa2e714e69f6033458eb85b4a2323af810838b0d6c2d756512b9138974542c40e8280bef071c9459891257c125ebdcb52897bea001e69493c716

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe

Filesize
468KB

MD5
3e01148736736345758df747b4949313

SHA1
7a78f69b75def0e0bf5c5533daf877632203947e

SHA256
656caeef4275ec1ee4f661d685d6462d7fe5dd923c182ce76799a755fa67957c

SHA512
2b7909b519f0f8b11513c6f8822b741e0b202e192aa5ac5f0aaa0581b57c9eedd11a31ab2c1d6a587d3ec298686e8d944f4e36d039a39944811492a155256bb7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55037.exe

Filesize
468KB

MD5
975b9ef1a52ba615d53eb8479e2c3790

SHA1
10ab0ca76a60936962e145a3036b2a65f98c969b

SHA256
6afcc5be218c046fc4a63801880fc4ae6c4b0e2718c6c6c478d1b6ab7e1cbb5b

SHA512
94bc571f446ce84690fe49dcfa3fe26e4b15a45349d7376c08dbd3df5c244843995ca0de624fc5f6bc7792f4efed48e693f4e710496e9309b541cdfae2be869a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe

Filesize
468KB

MD5
bfa554843ab6b3ef8854f7f19be064fd

SHA1
11ffd78ab9a2b776407b49d74c2631abda671ff4

SHA256
638a5315f1853880d7479a0e7bbb6720ef2846cb73b216b2c788c0c153b6f81d

SHA512
44ecfde3d6a69528e0ec25089dd314fb0a8be6304e1dc10518c59b58582936535fe65f8fc94d834fe5906c67a36e414182e002439b76d29339c49ff75da95af0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe

Filesize
468KB

MD5
37652828e69d141e88835ce22e754e3f

SHA1
537d526fc760678831a68514e99cf7a0ae5e64ae

SHA256
8c769c1bc6f517f02d8c753525ec4b4ff5433e50fb7c0b8b3a55fe8e750b90a2

SHA512
f7da5f6b5ce89e63c4ec2fe5bb6683d9f00cad4b46440c435c7bdbba9f63e3e15cd7c57ba682e80b6129e33c643f7f8a67b957d40a77156ab3710f6bc341a39f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe

Filesize
468KB

MD5
64bd1dd4a3b148dde3cef1b80e0f32ad

SHA1
39bcdc093b470dc86e2dcc7814ea35d2988ffb1a

SHA256
f0dad9872a09ddb511560d2ea1f49d9379264cde84c5c86731320bf4ac29d8db

SHA512
c0428eda21be202c93ae05f4e27b34c14562a3a54e67c81bf9c139a4aeccbe5995092c530899d32609c396214bef8e09c6ee73f2a2605677d2f3e745d4ffb803

Download Submit