4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524c

Analysis

max time kernel
119s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe
Size

468KB
MD5

80f52af806ba2d385d92ccfe4087f390
SHA1

4520e37bf3bd95b2ffb10f10a2e4f172dd6ed114
SHA256

4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524c
SHA512

f73886f0e67d631f58058aa46ead1c4e1af802fb9a53cf5920d1685ad185dd8a24cac1b423701c0739b3f0ca9e72453ac6681054f625f3b233823c437703a640
SSDEEP

3072:4belogxaIU57tbYEPzcfmbfD/n2DnsIHnQmyeQVqqu5KkkhIuxvlD:4b4oCc7t7P4fmbfra96u5D8Iux

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2788	Unicorn-2599.exe
2724	Unicorn-6849.exe
2852	Unicorn-7212.exe
2744	Unicorn-62293.exe
1668	Unicorn-29621.exe
2688	Unicorn-11238.exe
284	Unicorn-1203.exe
1868	Unicorn-18303.exe
1612	Unicorn-26471.exe
1348	Unicorn-25822.exe
2936	Unicorn-6221.exe
624	Unicorn-6221.exe
2880	Unicorn-26087.exe
2824	Unicorn-19956.exe
1956	Unicorn-57005.exe
2256	Unicorn-44198.exe
2260	Unicorn-32116.exe
2300	Unicorn-14924.exe
1824	Unicorn-18306.exe
848	Unicorn-20353.exe
980	Unicorn-3632.exe
2480	Unicorn-3367.exe
1980	Unicorn-36497.exe
1136	Unicorn-16631.exe
1168	Unicorn-9754.exe
1880	Unicorn-24053.exe
3004	Unicorn-36667.exe
1708	Unicorn-56533.exe
572	Unicorn-23098.exe
1156	Unicorn-61385.exe
1520	Unicorn-35110.exe
1028	Unicorn-17805.exe
2524	Unicorn-58131.exe
2876	Unicorn-12459.exe
1680	Unicorn-51062.exe
2320	Unicorn-9335.exe
3064	Unicorn-9698.exe
2820	Unicorn-17312.exe
2572	Unicorn-61971.exe
2148	Unicorn-22356.exe
2580	Unicorn-22356.exe
872	Unicorn-44829.exe
1020	Unicorn-6382.exe
2556	Unicorn-29071.exe
1644	Unicorn-15864.exe
2124	Unicorn-57659.exe
1252	Unicorn-11804.exe
1940	Unicorn-54883.exe
1592	Unicorn-38909.exe
2428	Unicorn-58583.exe
1800	Unicorn-5106.exe
1512	Unicorn-27756.exe
2180	Unicorn-35785.exe
468	Unicorn-2174.exe
1960	Unicorn-59605.exe
2472	Unicorn-59605.exe
2316	Unicorn-13933.exe
2264	Unicorn-13933.exe
2176	Unicorn-13933.exe
2004	Unicorn-13668.exe
1304	Unicorn-42714.exe
1580	Unicorn-52096.exe
976	Unicorn-294.exe
1656	Unicorn-6424.exe

Loads dropped DLL 64 IoCs

pid	Process
2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe
2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe
2788	Unicorn-2599.exe
2788	Unicorn-2599.exe
2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe
2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe
2852	Unicorn-7212.exe
2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe
2852	Unicorn-7212.exe
2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe
2724	Unicorn-6849.exe
2724	Unicorn-6849.exe
2788	Unicorn-2599.exe
2788	Unicorn-2599.exe
2744	Unicorn-62293.exe
2744	Unicorn-62293.exe
284	Unicorn-1203.exe
284	Unicorn-1203.exe
2724	Unicorn-6849.exe
2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe
2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe
2852	Unicorn-7212.exe
2724	Unicorn-6849.exe
2852	Unicorn-7212.exe
2788	Unicorn-2599.exe
2688	Unicorn-11238.exe
2688	Unicorn-11238.exe
2788	Unicorn-2599.exe
1668	Unicorn-29621.exe
1668	Unicorn-29621.exe
1868	Unicorn-18303.exe
1868	Unicorn-18303.exe
2744	Unicorn-62293.exe
2744	Unicorn-62293.exe
2936	Unicorn-6221.exe
2936	Unicorn-6221.exe
2724	Unicorn-6849.exe
2724	Unicorn-6849.exe
2824	Unicorn-19956.exe
2824	Unicorn-19956.exe
2880	Unicorn-26087.exe
2880	Unicorn-26087.exe
2788	Unicorn-2599.exe
2788	Unicorn-2599.exe
2688	Unicorn-11238.exe
624	Unicorn-6221.exe
624	Unicorn-6221.exe
2688	Unicorn-11238.exe
2852	Unicorn-7212.exe
2852	Unicorn-7212.exe
1612	Unicorn-26471.exe
1612	Unicorn-26471.exe
284	Unicorn-1203.exe
1348	Unicorn-25822.exe
284	Unicorn-1203.exe
1348	Unicorn-25822.exe
2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe
2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe
1956	Unicorn-57005.exe
1956	Unicorn-57005.exe
1668	Unicorn-29621.exe
1668	Unicorn-29621.exe
2256	Unicorn-44198.exe
2256	Unicorn-44198.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1684	2556	WerFault.exe	74

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48482.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe
2788	Unicorn-2599.exe
2852	Unicorn-7212.exe
2724	Unicorn-6849.exe
2744	Unicorn-62293.exe
1668	Unicorn-29621.exe
2688	Unicorn-11238.exe
284	Unicorn-1203.exe
1868	Unicorn-18303.exe
1612	Unicorn-26471.exe
2936	Unicorn-6221.exe
2880	Unicorn-26087.exe
2824	Unicorn-19956.exe
624	Unicorn-6221.exe
1348	Unicorn-25822.exe
1956	Unicorn-57005.exe
2256	Unicorn-44198.exe
2260	Unicorn-32116.exe
2300	Unicorn-14924.exe
1824	Unicorn-18306.exe
848	Unicorn-20353.exe
980	Unicorn-3632.exe
1980	Unicorn-36497.exe
1168	Unicorn-9754.exe
2480	Unicorn-3367.exe
1136	Unicorn-16631.exe
1708	Unicorn-56533.exe
1880	Unicorn-24053.exe
3004	Unicorn-36667.exe
572	Unicorn-23098.exe
1156	Unicorn-61385.exe
1520	Unicorn-35110.exe
1028	Unicorn-17805.exe
2524	Unicorn-58131.exe
2876	Unicorn-12459.exe
1680	Unicorn-51062.exe
2320	Unicorn-9335.exe
3064	Unicorn-9698.exe
2820	Unicorn-17312.exe
2572	Unicorn-61971.exe
2148	Unicorn-22356.exe
872	Unicorn-44829.exe
2580	Unicorn-22356.exe
1644	Unicorn-15864.exe
1020	Unicorn-6382.exe
2556	Unicorn-29071.exe
2124	Unicorn-57659.exe
1252	Unicorn-11804.exe
1940	Unicorn-54883.exe
1592	Unicorn-38909.exe
1800	Unicorn-5106.exe
2428	Unicorn-58583.exe
1512	Unicorn-27756.exe
2180	Unicorn-35785.exe
468	Unicorn-2174.exe
2472	Unicorn-59605.exe
2316	Unicorn-13933.exe
2264	Unicorn-13933.exe
1960	Unicorn-59605.exe
1304	Unicorn-42714.exe
2176	Unicorn-13933.exe
2004	Unicorn-13668.exe
1580	Unicorn-52096.exe
1656	Unicorn-6424.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2788	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	30
PID 2716 wrote to memory of 2788	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	30
PID 2716 wrote to memory of 2788	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	30
PID 2716 wrote to memory of 2788	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	30
PID 2788 wrote to memory of 2724	2788	Unicorn-2599.exe	31
PID 2788 wrote to memory of 2724	2788	Unicorn-2599.exe	31
PID 2788 wrote to memory of 2724	2788	Unicorn-2599.exe	31
PID 2788 wrote to memory of 2724	2788	Unicorn-2599.exe	31
PID 2716 wrote to memory of 2852	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	32
PID 2716 wrote to memory of 2852	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	32
PID 2716 wrote to memory of 2852	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	32
PID 2716 wrote to memory of 2852	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	32
PID 2852 wrote to memory of 2744	2852	Unicorn-7212.exe	33
PID 2852 wrote to memory of 2744	2852	Unicorn-7212.exe	33
PID 2852 wrote to memory of 2744	2852	Unicorn-7212.exe	33
PID 2852 wrote to memory of 2744	2852	Unicorn-7212.exe	33
PID 2716 wrote to memory of 2688	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	34
PID 2716 wrote to memory of 2688	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	34
PID 2716 wrote to memory of 2688	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	34
PID 2716 wrote to memory of 2688	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	34
PID 2724 wrote to memory of 1668	2724	Unicorn-6849.exe	35
PID 2724 wrote to memory of 1668	2724	Unicorn-6849.exe	35
PID 2724 wrote to memory of 1668	2724	Unicorn-6849.exe	35
PID 2724 wrote to memory of 1668	2724	Unicorn-6849.exe	35
PID 2788 wrote to memory of 284	2788	Unicorn-2599.exe	36
PID 2788 wrote to memory of 284	2788	Unicorn-2599.exe	36
PID 2788 wrote to memory of 284	2788	Unicorn-2599.exe	36
PID 2788 wrote to memory of 284	2788	Unicorn-2599.exe	36
PID 2744 wrote to memory of 1868	2744	Unicorn-62293.exe	37
PID 2744 wrote to memory of 1868	2744	Unicorn-62293.exe	37
PID 2744 wrote to memory of 1868	2744	Unicorn-62293.exe	37
PID 2744 wrote to memory of 1868	2744	Unicorn-62293.exe	37
PID 284 wrote to memory of 1612	284	Unicorn-1203.exe	38
PID 284 wrote to memory of 1612	284	Unicorn-1203.exe	38
PID 284 wrote to memory of 1612	284	Unicorn-1203.exe	38
PID 284 wrote to memory of 1612	284	Unicorn-1203.exe	38
PID 2716 wrote to memory of 1348	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	40
PID 2716 wrote to memory of 1348	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	40
PID 2716 wrote to memory of 1348	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	40
PID 2716 wrote to memory of 1348	2716	4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe	40
PID 2724 wrote to memory of 2936	2724	Unicorn-6849.exe	39
PID 2724 wrote to memory of 2936	2724	Unicorn-6849.exe	39
PID 2724 wrote to memory of 2936	2724	Unicorn-6849.exe	39
PID 2724 wrote to memory of 2936	2724	Unicorn-6849.exe	39
PID 2852 wrote to memory of 624	2852	Unicorn-7212.exe	41
PID 2852 wrote to memory of 624	2852	Unicorn-7212.exe	41
PID 2852 wrote to memory of 624	2852	Unicorn-7212.exe	41
PID 2852 wrote to memory of 624	2852	Unicorn-7212.exe	41
PID 2688 wrote to memory of 2880	2688	Unicorn-11238.exe	43
PID 2688 wrote to memory of 2880	2688	Unicorn-11238.exe	43
PID 2688 wrote to memory of 2880	2688	Unicorn-11238.exe	43
PID 2688 wrote to memory of 2880	2688	Unicorn-11238.exe	43
PID 2788 wrote to memory of 2824	2788	Unicorn-2599.exe	42
PID 2788 wrote to memory of 2824	2788	Unicorn-2599.exe	42
PID 2788 wrote to memory of 2824	2788	Unicorn-2599.exe	42
PID 2788 wrote to memory of 2824	2788	Unicorn-2599.exe	42
PID 1668 wrote to memory of 1956	1668	Unicorn-29621.exe	44
PID 1668 wrote to memory of 1956	1668	Unicorn-29621.exe	44
PID 1668 wrote to memory of 1956	1668	Unicorn-29621.exe	44
PID 1668 wrote to memory of 1956	1668	Unicorn-29621.exe	44
PID 1868 wrote to memory of 2256	1868	Unicorn-18303.exe	45
PID 1868 wrote to memory of 2256	1868	Unicorn-18303.exe	45
PID 1868 wrote to memory of 2256	1868	Unicorn-18303.exe	45
PID 1868 wrote to memory of 2256	1868	Unicorn-18303.exe	45

C:\Users\Admin\AppData\Local\Temp\4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe
"C:\Users\Admin\AppData\Local\Temp\4d84775c9a1f5c929bbaa01d5bbddb6624f4fd7ca2d9ed974805eee0559d524cN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2599.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2599.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6849.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61385.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13376.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        8⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42155.exe
        7⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        7⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48566.exe
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46659.exe
        7⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
        6⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
        6⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        6⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58124.exe
        6⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13668.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38130.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
        6⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        6⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        5⤵
        
        PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25244.exe
        5⤵
        
        PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6221.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61709.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3925.exe
        7⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        6⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
        6⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33800.exe
        6⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        5⤵
        
        PID:520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        6⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26594.exe
        6⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
        6⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        5⤵
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33800.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61971.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60542.exe
        5⤵
        
        PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38440.exe
        5⤵
        
        PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        5⤵
        
        PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41607.exe
      4⤵
      PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
      4⤵
      PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
      4⤵
      PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
      4⤵
      PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54883.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6424.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        8⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        7⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22368.exe
        7⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
        6⤵
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21347.exe
        6⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15036.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        6⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
        5⤵
        
        PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42373.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34331.exe
        5⤵
        
        PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        6⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        6⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        6⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        5⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52176.exe
        5⤵
        
        PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe
        5⤵
        
        PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21799.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
        5⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        5⤵
        
        PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
      4⤵
      PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49376.exe
      4⤵
      PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
      4⤵
      PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20353.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe
        6⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        7⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
        7⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42466.exe
        7⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
        6⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
        5⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        6⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        6⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
        6⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21347.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        5⤵
        
        PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
      4⤵
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        5⤵
        
        PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
      4⤵
      PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
      4⤵
      PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        5⤵
        Program crash
        
        PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        5⤵
        
        PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47178.exe
        5⤵
        
        PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
      4⤵
      PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe
      4⤵
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25716.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        5⤵
        
        PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
    3⤵
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
      4⤵
      PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5212.exe
      4⤵
      PID:4404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
    3⤵
    PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
    3⤵
    PID:3120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
    3⤵
    PID:3976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
    3⤵
    PID:4544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18303.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18441.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        7⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
        7⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe
        6⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
        6⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42714.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4357.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe
        7⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48674.exe
        6⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        6⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5212.exe
        6⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-294.exe
        5⤵
        Executes dropped EXE
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47351.exe
        6⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        6⤵
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        5⤵
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57793.exe
        5⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6925.exe
        5⤵
        
        PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34331.exe
        5⤵
        
        PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        6⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
        7⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
        6⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        6⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60931.exe
        5⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57689.exe
        6⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51062.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
        5⤵
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        5⤵
        
        PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        5⤵
        
        PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
      4⤵
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        5⤵
        
        PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59796.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
      4⤵
      PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
      4⤵
      PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33604.exe
      4⤵
      PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6221.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6221.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50579.exe
        6⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31466.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        6⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
        5⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47189.exe
        5⤵
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
        5⤵
        
        PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
      4⤵
      PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
      4⤵
      PID:4796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19445.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21560.exe
        5⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
      4⤵
      PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
      4⤵
      PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
      4⤵
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
      4⤵
      PID:1088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
    3⤵
    PID:780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
    3⤵
    PID:3128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60555.exe
    3⤵
    PID:3704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
    3⤵
    PID:4552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50013.exe
        6⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
        6⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42155.exe
        5⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        5⤵
        
        PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        5⤵
        
        PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
      4⤵
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
        5⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        5⤵
        
        PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
      4⤵
      PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38464.exe
      4⤵
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
      4⤵
      PID:4652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        5⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50138.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
        6⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58487.exe
        5⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33800.exe
        5⤵
        
        PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
      4⤵
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe
        5⤵
        
        PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59835.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
      4⤵
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
      4⤵
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55135.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
      4⤵
      PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
      4⤵
      PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
      4⤵
      PID:4612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
    3⤵
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
      4⤵
      PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
      4⤵
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
      4⤵
      PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe
      4⤵
      PID:4432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
    3⤵
    PID:2500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
    3⤵
    PID:4012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5106.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23226.exe
        5⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53355.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        5⤵
        
        PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
      4⤵
      PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
      4⤵
      PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
      4⤵
      PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62773.exe
      4⤵
      PID:4204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35785.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23018.exe
      4⤵
      PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
      4⤵
      PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
      4⤵
      PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
      4⤵
      PID:4448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12803.exe
    3⤵
    PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
    3⤵
    PID:3724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
    3⤵
    PID:4656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23098.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23098.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
      4⤵
      PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
      4⤵
      PID:4856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
    3⤵
    PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
      4⤵
      PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
    3⤵
    PID:3024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
    3⤵
    PID:3924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64051.exe
    3⤵
    PID:4320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44829.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44829.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
    3⤵
    PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
    3⤵
    PID:3252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
    3⤵
    PID:588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
    3⤵
    PID:4824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
  2⤵
  PID:2980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
    3⤵
    PID:2356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
    3⤵
    PID:3624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19322.exe
    3⤵
    PID:4624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
  2⤵
  PID:1524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
    3⤵
    PID:4288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
  2⤵
  PID:3844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
  2⤵
  PID:3356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe

Filesize
468KB

MD5
c82a9b556409717e6aa85d38cbf8c040

SHA1
65e9d5e062fb8b27d3b4c411e90305d37801e69f

SHA256
af810451a482a1f24426cd04e71bbb60fa55553c5f73c41d9c5b425879abe306

SHA512
7e46f19216cb9b887db9bce863894a381502309f8e19cd4b312d947282ed927354bdebf0d1f2cb145fe9c16d5e4dba2a0373289194e02ed40b5e2972923b6530

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18303.exe

Filesize
468KB

MD5
0833ba449a7f61f2902286e4452d436c

SHA1
640ca76ab72ec3173bc43e5ffe3725b59ab3f3ea

SHA256
9964501703c6a2c37a3b69a4cdf62192a2cc08a2589230ea2678866faab39f93

SHA512
751cc316ac8cd79746314593ee81d05d7e5f95124245333ad16199ba95f64d92dc16af88a768793ce19957fdb60513b1bc8da417fec1b7ce57c9f1032b05d36c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exe

Filesize
468KB

MD5
a5a4ad834b7ad943facdd12679b9cb9e

SHA1
5b94f29e05495a271d8825d6a6cfee7e87d7f6c2

SHA256
802de4a6cdd8cc1366580f8f003eda08227884e078d374cd79c8a46d374617dd

SHA512
a107f0b66c86f718e6095bae864db72beb3f7c8a43c3ade7b58c50c445c7465b549ca607e0f4dfaf3ff200a74ac4ec4d38c21dc2ceabea11099142def3d29dc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe

Filesize
468KB

MD5
c3f2049f587fe1a2f0a914583d205f72

SHA1
88465ebe1d9fd7f4f2f69fe6879234816b9f7d22

SHA256
dea50ed8ece24abc8c992f006b289a3a829457b49e1db401f88170f239bb12be

SHA512
2653c9c4cef1e47e810d64e87d1441b8d560c6acd2415aaebad301bfddef8bf1f6126fa9f1a709001e78e21b408f0989d9e6ec3a7c6fb128a45df01e0f7a1a03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe

Filesize
468KB

MD5
2258763004cf2ad9cc198b634570c589

SHA1
9f0dd40c956cb66e875d397909549cc014044175

SHA256
55af2220869d351ff70c955c7f92c5bc8ab666381c725a66a9a26989438740f2

SHA512
29a655edc7f1a21d6ba9a882443f9ad06406475fc99c336e36d55aa6d884c6fc1e83ab13e791080ae688802ae91cdf6ae0dceea18457edb649d34a734d39778b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6221.exe

Filesize
468KB

MD5
11eee36331c35907415ef2930b1ba68a

SHA1
0e6caa5e82adf83c9ee251985cb8950dc6568e6c

SHA256
3571b46aaf6f2ba061ce89c750343a293fe7b376e933fb5247d7359c3252942f

SHA512
e6d78108e76597bf656d54c0eb784c22b1b415a8a9f2d1112549d327cd4b257ef161dafe689ce71d620932330da21ae9cf363ebc5f88fb331077220830158d8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe

Filesize
468KB

MD5
e5223e5ce91e4a9aa14b76c18918027a

SHA1
d0e2639c1e879e8fab2da1808d93d6892b28b938

SHA256
15fa965c9597dc661015397ad58655bb7c3f1731f93844738ff2d2eba37b9009

SHA512
f71035c56e4f2824ee5ab2607db8a1caf078d552aac1fa7cc9b570c918e594f9c3996f1a93cadb094b763d2153ded0d87af6b68e5b751b8fafb3d2a948442a85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe

Filesize
468KB

MD5
c0661431cf4bec3861212cd92904b982

SHA1
079648f5a56dc03965996b4999cce47fc5837ae6

SHA256
6811ba21995bfef3ab52ffe7209c96f5f8b1ea6e195785fdd8ae58015e26bf09

SHA512
8d15c3d0c7fadc3ef15f5faaad349bc4feee13dfcdc2affb39fe0b872a1f347151a245a3c8323dde49bef9348ea5c4f4160255a8083a30182b6ab762ad7385f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14924.exe

Filesize
468KB

MD5
71eb4c73e830246a608eb4935e867bea

SHA1
5220ec58bbd7b9cf40bdbf4bd6bf852e608a2f14

SHA256
df9e1515ae17961d052956f0a2fe27f13ad14116e1f881f2c16a8c5c454f004a

SHA512
7d19fab713c2dc6982331ba0a437a9bad1d684b56b1408019cc11625d7134a1d7184f2c1e9c06e83472db7ce5e91d92e2c31dc484262f8f4b9bd99a621af7366

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe

Filesize
468KB

MD5
b0bf15fce6d1355fbcff0c611b7bb145

SHA1
1a3da00233ece5fe425cfe1ff3fa8472164e3c04

SHA256
7719e4524e8630a6f0fb895def86ed5d17c9f7856e93caa669b9e50942df1954

SHA512
75d31ae936bcf465b16f630f908925e686a83c7bb9b23d43aeda08a76fd8977d252fd6a9f5efca036a59164ef160bca2a02bf22c6cbda5a7bdf512b3b4996e76

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe

Filesize
468KB

MD5
8e833cb52f3d7a970dd0b22090975226

SHA1
3c16c524ff3875285601e636a3a563df9e6edb3f

SHA256
a433d5ba5f0a5ad1a9b056d81117a7ace2cff660f5ebc0212f434334b6d0b7f2

SHA512
17a3fdc27e465a1076bc240c2a08d117f96e57a040202f40695b26dd6969d2942d0ecaa110ab5aab5f214c7c6d3077ba67086d250106e71830f7d838c5036e89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2599.exe

Filesize
468KB

MD5
6fa3a045edc66a4dbdb175b4d8bca402

SHA1
737face3f3b5aed30d387a30d9de9c5397c155d5

SHA256
9d5a0f03f2faec587a263894864ad3bdbbc7d7f1333027999aee79351179913c

SHA512
0a584a9528a05458a67127d1d23b4ed507eb3ec0d51c7885a7566a41478255b12d1f0c46c34b41993c3145b7b16b7d6cb8e96d36a6df9c7f64ca79d24ec7eff5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe

Filesize
468KB

MD5
2299d52c584feda4c5c2fb8f1fc903ad

SHA1
ebabc2c6c54ac9f909861218f53b1cb782838d29

SHA256
0d2fd3f0f24a9f1df3ff21be7ccd2ef8f0a1b5a188db0af7e95f3440c840f8b8

SHA512
68135cea6ca885736a1aafa85f296ac0e1e399d036fd565e2399e4b890e00bb349d2781e234cf44704d819e6c9333108ff00b08173555de960164bffb6eeb81b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe

Filesize
468KB

MD5
1b6ec133b6289ada708be82f25a3e0f7

SHA1
1f4b6d8bbe73180a9a8f49720801a81cbd9ac68e

SHA256
dff712a268751423f306c47d83196f6f03b82df421d1d4fd91a17d4761153904

SHA512
235d7eac44c9c804c173b1336c65339f7abf6e8c78b553de68ed4789d56eef3dbe80823da5ce4349b83cb5d9c33ed7f9dfac7c0895850eb0764c397bf32f0a37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe

Filesize
468KB

MD5
dfb02c121dff18fdc1d9ad88874b380d

SHA1
460030dcc12cadf6a7628d416ea75969fe8334fb

SHA256
f180184b19970102405b6784275b34eeb5403b9c386309d12af50b775d8fae8d

SHA512
1daf6171d14371e9a6778643e4f725ddb62374729612ccc2a1737469bc38a1b053ea5e890c741f4923faaca504c13f7576905835a83a2088bd86880d451ec015

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe

Filesize
468KB

MD5
0cc597621ad2ac56ea10bc78d092f566

SHA1
672f28f8927e101010420270eadd63c055bc0f31

SHA256
49c3a5432c9fa63aefe9114c1892574f46c532bf1b56ce2d124a3861a65b760d

SHA512
d7c2aa78670dfd24aac839cae0deddd7340216cd740cdbb6bcdc250a2a4fee01b87504155b2312d45aad482ac45e6db3b5d0bfa29e4e94b5d3bfc764f4fc4f7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6849.exe

Filesize
468KB

MD5
d3553f884b9bb8fec76dd406a9d1421c

SHA1
470529cf224ab7a813d16d7515a1093575e11d31

SHA256
dfd73fb081474114bd973bb2627053d080e3d01363a1368d9d4e8af88ccdd0fd

SHA512
5d4cf0fc6c8bf225469677fdfa13175575bda33ddce4f18626a8a2861ec956591dd1cd21321f2f3d89cd03603c1c4f1ad6b2855e701b7c8d3132b0ab22e8bc82

Download Submit