478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa

Analysis

max time kernel
116s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe
Size

468KB
MD5

a9c3258e4c50c4b40276b2ad7c306f28
SHA1

e311c2bb0f68894867332a3047e71800184c66ee
SHA256

478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa
SHA512

608e1ae0d6aed1234464ee2553afeecbf11dd6e2d74c3a2dd7e72d030b45e955ff344bc1758cdd239f506aeeb505d5b91c4b8e67b5876a14bddcc95d783b9dea
SSDEEP

3072:96qyo3ccI23vtbYQPzcXUfTsoChZPspmn1HCDm3ku0ln6CUNST8ak:96Hosovt3P4XUfiAJRu09BUNS6

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1704	Unicorn-60057.exe
2156	Unicorn-46518.exe
2236	Unicorn-42988.exe
472	Unicorn-6959.exe
2412	Unicorn-23296.exe
3012	Unicorn-11598.exe
2964	Unicorn-57814.exe
2792	Unicorn-64385.exe
2012	Unicorn-15184.exe
1036	Unicorn-25198.exe
2164	Unicorn-63736.exe
2232	Unicorn-27799.exe
1192	Unicorn-2548.exe
1924	Unicorn-64001.exe
2132	Unicorn-48220.exe
2400	Unicorn-35543.exe
2372	Unicorn-37057.exe
2264	Unicorn-15891.exe
964	Unicorn-61702.exe
320	Unicorn-17043.exe
2708	Unicorn-40593.exe
700	Unicorn-4406.exe
2524	Unicorn-21620.exe
2568	Unicorn-21620.exe
2612	Unicorn-21620.exe
1880	Unicorn-15489.exe
2512	Unicorn-21297.exe
1540	Unicorn-46679.exe
1060	Unicorn-1007.exe
1504	Unicorn-35910.exe
2076	Unicorn-64359.exe
2324	Unicorn-44152.exe
2220	Unicorn-60851.exe
844	Unicorn-64188.exe
1156	Unicorn-41722.exe
1716	Unicorn-17209.exe
2320	Unicorn-46544.exe
1632	Unicorn-58049.exe
2952	Unicorn-9019.exe
2940	Unicorn-17749.exe
3024	Unicorn-52459.exe
2868	Unicorn-38723.exe
1740	Unicorn-58589.exe
2740	Unicorn-42615.exe
2468	Unicorn-1028.exe
1020	Unicorn-19455.exe
2096	Unicorn-19778.exe
2168	Unicorn-23478.exe
1508	Unicorn-23478.exe
2148	Unicorn-23213.exe
2840	Unicorn-35538.exe
1832	Unicorn-49497.exe
1040	Unicorn-3825.exe
2040	Unicorn-60432.exe
1140	Unicorn-3560.exe
1280	Unicorn-58956.exe
2424	Unicorn-65086.exe
2484	Unicorn-23159.exe
1784	Unicorn-58070.exe
1980	Unicorn-58070.exe
2416	Unicorn-38204.exe
1672	Unicorn-46885.exe
1104	Unicorn-52486.exe
2376	Unicorn-6814.exe

Loads dropped DLL 64 IoCs

pid	Process
2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe
2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe
1704	Unicorn-60057.exe
2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe
1704	Unicorn-60057.exe
2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe
2156	Unicorn-46518.exe
2156	Unicorn-46518.exe
1704	Unicorn-60057.exe
2236	Unicorn-42988.exe
2236	Unicorn-42988.exe
1704	Unicorn-60057.exe
2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe
2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe
3012	Unicorn-11598.exe
3012	Unicorn-11598.exe
472	Unicorn-6959.exe
472	Unicorn-6959.exe
1704	Unicorn-60057.exe
2156	Unicorn-46518.exe
1704	Unicorn-60057.exe
2156	Unicorn-46518.exe
2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe
2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe
2412	Unicorn-23296.exe
2964	Unicorn-57814.exe
2236	Unicorn-42988.exe
2412	Unicorn-23296.exe
2964	Unicorn-57814.exe
2236	Unicorn-42988.exe
2792	Unicorn-64385.exe
2792	Unicorn-64385.exe
3012	Unicorn-11598.exe
3012	Unicorn-11598.exe
1036	Unicorn-25198.exe
1036	Unicorn-25198.exe
1704	Unicorn-60057.exe
1704	Unicorn-60057.exe
2164	Unicorn-63736.exe
2164	Unicorn-63736.exe
2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe
2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe
2232	Unicorn-27799.exe
2232	Unicorn-27799.exe
2132	Unicorn-48220.exe
1192	Unicorn-2548.exe
1924	Unicorn-64001.exe
2156	Unicorn-46518.exe
2132	Unicorn-48220.exe
1924	Unicorn-64001.exe
1192	Unicorn-2548.exe
2156	Unicorn-46518.exe
2412	Unicorn-23296.exe
2412	Unicorn-23296.exe
2964	Unicorn-57814.exe
2964	Unicorn-57814.exe
2012	Unicorn-15184.exe
2012	Unicorn-15184.exe
2236	Unicorn-42988.exe
2236	Unicorn-42988.exe
472	Unicorn-6959.exe
472	Unicorn-6959.exe
2400	Unicorn-35543.exe
2400	Unicorn-35543.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3160	3052	WerFault.exe	105

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58558.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35543.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe
1704	Unicorn-60057.exe
2156	Unicorn-46518.exe
2236	Unicorn-42988.exe
3012	Unicorn-11598.exe
472	Unicorn-6959.exe
2412	Unicorn-23296.exe
2964	Unicorn-57814.exe
2792	Unicorn-64385.exe
1036	Unicorn-25198.exe
1192	Unicorn-2548.exe
1924	Unicorn-64001.exe
2132	Unicorn-48220.exe
2232	Unicorn-27799.exe
2164	Unicorn-63736.exe
2012	Unicorn-15184.exe
2400	Unicorn-35543.exe
2372	Unicorn-37057.exe
2264	Unicorn-15891.exe
964	Unicorn-61702.exe
320	Unicorn-17043.exe
700	Unicorn-4406.exe
2708	Unicorn-40593.exe
1880	Unicorn-15489.exe
2512	Unicorn-21297.exe
2524	Unicorn-21620.exe
2568	Unicorn-21620.exe
2612	Unicorn-21620.exe
1540	Unicorn-46679.exe
1060	Unicorn-1007.exe
1504	Unicorn-35910.exe
2076	Unicorn-64359.exe
2324	Unicorn-44152.exe
2220	Unicorn-60851.exe
844	Unicorn-64188.exe
1156	Unicorn-41722.exe
1716	Unicorn-17209.exe
2320	Unicorn-46544.exe
1632	Unicorn-58049.exe
2952	Unicorn-9019.exe
2940	Unicorn-17749.exe
3024	Unicorn-52459.exe
1740	Unicorn-58589.exe
2868	Unicorn-38723.exe
2468	Unicorn-1028.exe
2740	Unicorn-42615.exe
1508	Unicorn-23478.exe
2168	Unicorn-23478.exe
2096	Unicorn-19778.exe
1020	Unicorn-19455.exe
2148	Unicorn-23213.exe
2840	Unicorn-35538.exe
1040	Unicorn-3825.exe
1832	Unicorn-49497.exe
2040	Unicorn-60432.exe
1140	Unicorn-3560.exe
1280	Unicorn-58956.exe
2424	Unicorn-65086.exe
1672	Unicorn-46885.exe
1784	Unicorn-58070.exe
2484	Unicorn-23159.exe
1104	Unicorn-52486.exe
2416	Unicorn-38204.exe
2376	Unicorn-6814.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 1704	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	29
PID 2496 wrote to memory of 1704	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	29
PID 2496 wrote to memory of 1704	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	29
PID 2496 wrote to memory of 1704	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	29
PID 1704 wrote to memory of 2156	1704	Unicorn-60057.exe	30
PID 1704 wrote to memory of 2156	1704	Unicorn-60057.exe	30
PID 1704 wrote to memory of 2156	1704	Unicorn-60057.exe	30
PID 1704 wrote to memory of 2156	1704	Unicorn-60057.exe	30
PID 2496 wrote to memory of 2236	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	31
PID 2496 wrote to memory of 2236	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	31
PID 2496 wrote to memory of 2236	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	31
PID 2496 wrote to memory of 2236	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	31
PID 2156 wrote to memory of 472	2156	Unicorn-46518.exe	32
PID 2156 wrote to memory of 472	2156	Unicorn-46518.exe	32
PID 2156 wrote to memory of 472	2156	Unicorn-46518.exe	32
PID 2156 wrote to memory of 472	2156	Unicorn-46518.exe	32
PID 2236 wrote to memory of 2412	2236	Unicorn-42988.exe	34
PID 2236 wrote to memory of 2412	2236	Unicorn-42988.exe	34
PID 2236 wrote to memory of 2412	2236	Unicorn-42988.exe	34
PID 2236 wrote to memory of 2412	2236	Unicorn-42988.exe	34
PID 1704 wrote to memory of 3012	1704	Unicorn-60057.exe	33
PID 1704 wrote to memory of 3012	1704	Unicorn-60057.exe	33
PID 1704 wrote to memory of 3012	1704	Unicorn-60057.exe	33
PID 1704 wrote to memory of 3012	1704	Unicorn-60057.exe	33
PID 2496 wrote to memory of 2964	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	35
PID 2496 wrote to memory of 2964	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	35
PID 2496 wrote to memory of 2964	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	35
PID 2496 wrote to memory of 2964	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	35
PID 3012 wrote to memory of 2792	3012	Unicorn-11598.exe	36
PID 3012 wrote to memory of 2792	3012	Unicorn-11598.exe	36
PID 3012 wrote to memory of 2792	3012	Unicorn-11598.exe	36
PID 3012 wrote to memory of 2792	3012	Unicorn-11598.exe	36
PID 472 wrote to memory of 2012	472	Unicorn-6959.exe	37
PID 472 wrote to memory of 2012	472	Unicorn-6959.exe	37
PID 472 wrote to memory of 2012	472	Unicorn-6959.exe	37
PID 472 wrote to memory of 2012	472	Unicorn-6959.exe	37
PID 1704 wrote to memory of 1036	1704	Unicorn-60057.exe	38
PID 1704 wrote to memory of 1036	1704	Unicorn-60057.exe	38
PID 1704 wrote to memory of 1036	1704	Unicorn-60057.exe	38
PID 1704 wrote to memory of 1036	1704	Unicorn-60057.exe	38
PID 2156 wrote to memory of 2232	2156	Unicorn-46518.exe	39
PID 2156 wrote to memory of 2232	2156	Unicorn-46518.exe	39
PID 2156 wrote to memory of 2232	2156	Unicorn-46518.exe	39
PID 2156 wrote to memory of 2232	2156	Unicorn-46518.exe	39
PID 2496 wrote to memory of 2164	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	40
PID 2496 wrote to memory of 2164	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	40
PID 2496 wrote to memory of 2164	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	40
PID 2496 wrote to memory of 2164	2496	478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe	40
PID 2412 wrote to memory of 1924	2412	Unicorn-23296.exe	41
PID 2412 wrote to memory of 1924	2412	Unicorn-23296.exe	41
PID 2412 wrote to memory of 1924	2412	Unicorn-23296.exe	41
PID 2412 wrote to memory of 1924	2412	Unicorn-23296.exe	41
PID 2964 wrote to memory of 1192	2964	Unicorn-57814.exe	42
PID 2964 wrote to memory of 1192	2964	Unicorn-57814.exe	42
PID 2964 wrote to memory of 1192	2964	Unicorn-57814.exe	42
PID 2964 wrote to memory of 1192	2964	Unicorn-57814.exe	42
PID 2236 wrote to memory of 2132	2236	Unicorn-42988.exe	43
PID 2236 wrote to memory of 2132	2236	Unicorn-42988.exe	43
PID 2236 wrote to memory of 2132	2236	Unicorn-42988.exe	43
PID 2236 wrote to memory of 2132	2236	Unicorn-42988.exe	43
PID 2792 wrote to memory of 2400	2792	Unicorn-64385.exe	44
PID 2792 wrote to memory of 2400	2792	Unicorn-64385.exe	44
PID 2792 wrote to memory of 2400	2792	Unicorn-64385.exe	44
PID 2792 wrote to memory of 2400	2792	Unicorn-64385.exe	44

C:\Users\Admin\AppData\Local\Temp\478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe
"C:\Users\Admin\AppData\Local\Temp\478b9ee076652d3177d344c217e3746b837d9779e74321aec4dd584786939dfa.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6959.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15184.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1028.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        8⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        8⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17181.exe
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        7⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        7⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
        7⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19455.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53976.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
        7⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        6⤵
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7551.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29795.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15330.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe
        6⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
        6⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        6⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        6⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57518.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33374.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
        5⤵
        
        PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58589.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
        7⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13684.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65512.exe
        7⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        6⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        6⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
        6⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42615.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
        6⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        6⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14634.exe
        6⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        5⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe
        5⤵
        
        PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        5⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        5⤵
        
        PID:436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
        5⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
        5⤵
        
        PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24328.exe
        5⤵
        
        PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24241.exe
      4⤵
      PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
      4⤵
      PID:284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
      4⤵
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
      4⤵
      PID:4428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64385.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        8⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28723.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        7⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
        7⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8349.exe
        6⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        6⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
        6⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59170.exe
        6⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60851.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
        6⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        6⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57518.exe
        6⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        5⤵
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62450.exe
        5⤵
        
        PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
        5⤵
        
        PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37057.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
        6⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18484.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        7⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        6⤵
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46802.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34867.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3522.exe
        6⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27078.exe
        5⤵
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28935.exe
        5⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38136.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
        5⤵
        
        PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41722.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37185.exe
        5⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        5⤵
        
        PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47961.exe
      4⤵
      PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
      4⤵
      PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26664.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
      4⤵
      PID:4824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15891.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        7⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63467.exe
        6⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5154.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23300.exe
        7⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
        6⤵
        
        PID:612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47117.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
        6⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
        5⤵
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9196.exe
        5⤵
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe
        6⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22857.exe
        6⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
        5⤵
        
        PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        5⤵
        
        PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        5⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48859.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
      4⤵
      PID:4636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61702.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61702.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35538.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22631.exe
        5⤵
        
        PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
      4⤵
      PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
      4⤵
      PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
      4⤵
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
      4⤵
      PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9046.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60432.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
    3⤵
    PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
    3⤵
    PID:236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
    3⤵
    PID:3268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16705.exe
    3⤵
    PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
    3⤵
    PID:4548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42988.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        6⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        6⤵
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19653.exe
        6⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27078.exe
        5⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        6⤵
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28935.exe
        5⤵
        
        PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24171.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        5⤵
        
        PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe
        5⤵
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        5⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47650.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
        5⤵
        
        PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23159.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        5⤵
        
        PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        5⤵
        
        PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42035.exe
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61192.exe
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49126.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19123.exe
        5⤵
        
        PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
      4⤵
      PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31288.exe
      4⤵
      PID:4500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        6⤵
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        6⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        6⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
        5⤵
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        5⤵
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43041.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65512.exe
        5⤵
        
        PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49497.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19638.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        6⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        6⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17181.exe
        6⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
        5⤵
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47665.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        5⤵
        
        PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
      4⤵
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
        5⤵
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        5⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
        5⤵
        
        PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
      4⤵
      PID:840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
      4⤵
      PID:4352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27649.exe
      4⤵
      PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
      4⤵
      PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
      4⤵
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51941.exe
      4⤵
      PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
      4⤵
      PID:4516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23213.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
      4⤵
      PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
      4⤵
      PID:4436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
    3⤵
    PID:2052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
    3⤵
    PID:2080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
    3⤵
    PID:3364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22040.exe
    3⤵
    PID:3792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57814.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57814.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        6⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
        6⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
        6⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52865.exe
        5⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42531.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        5⤵
        
        PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
      4⤵
      PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
      4⤵
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
      4⤵
      PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52819.exe
      4⤵
      PID:4456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
      4⤵
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38273.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3325.exe
        5⤵
        
        PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
      4⤵
      PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
      4⤵
      PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51747.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33172.exe
      4⤵
      PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
      4⤵
      PID:852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-677.exe
      4⤵
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55790.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
      4⤵
      PID:4588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42398.exe
    3⤵
    PID:2344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
    3⤵
    PID:2560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
    3⤵
    PID:3996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59523.exe
    3⤵
    PID:3464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe
    3⤵
    PID:4808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
        5⤵
        
        PID:3052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        6⤵
        Program crash
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
        5⤵
        
        PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        5⤵
        
        PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
      4⤵
      PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
      4⤵
      PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe
      4⤵
      PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2745.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63636.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
    3⤵
    PID:1288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
    3⤵
    PID:3752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
    3⤵
    PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
    3⤵
    PID:4560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58070.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63467.exe
    3⤵
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
      4⤵
      PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
      4⤵
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
      4⤵
      PID:4780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
    3⤵
    PID:620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
    3⤵
    PID:3404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
    3⤵
    PID:1416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
    3⤵
    PID:4632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46885.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46885.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
    3⤵
    PID:932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe
    3⤵
    PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
    3⤵
    PID:4928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
  2⤵
  PID:2024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
  2⤵
  PID:1676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
  2⤵
  PID:3348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41517.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41517.exe
  2⤵
  PID:4036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2417.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2417.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe

Filesize
468KB

MD5
e773ee07d0432a58265af9fcb73a9e13

SHA1
125412e85c6e75024b05a073467e6de7b5f7c674

SHA256
2d10e8c3420c621b918d094a2ad5fa8497d7640ac9650073144df9b0258fc836

SHA512
8d9572df92b13c64369cf102d904b2eac6eca77acb925899c6eb78a64b8d3ec24dfcdd44021231c08a88b1bd11b80eda48ccb324d6e8d7dc7d56f3096a606b42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe

Filesize
468KB

MD5
5811a05a3dd6579e819f59d20516062e

SHA1
81c62101f297287dad4e0003ad92181092c94d8d

SHA256
a9b0f85668b807bf519898cbf04c77ec09279f904eb3a885f5f035491393f922

SHA512
0cc78eba8f6bfe445a03a524eb6cc0abbcc943a2b213d2fa0de641a36221c5f06d36e1e3010efaef1406de32b20230f62e827df1edc840301c4241a228b06255

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe

Filesize
468KB

MD5
0746b9c7706f7fb392e613bd9da79fcf

SHA1
afd644718f533c25001da9544faa25b7d9caa045

SHA256
53d0e68513b08fcaec7607cc2965dd64648d1485ed2b8989d2bf62e3e96498ab

SHA512
76a25c4ab974dc4b19123d58549a56cf0f16648fb0e92f953229a7db001baa8bd4246ed722e1ba181f441e5643584c6702987115fe4c48f0933da5be21c87790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe

Filesize
468KB

MD5
e3d32c0030467d75ba1ee3e4ea7a242c

SHA1
751c45b76c862e40c2701e06023c6a5d409b88d4

SHA256
182b83217a07ea7eb36b385b768665cc8ef5d13935bb52de9f06921dee33e1d2

SHA512
d30647b6b3ae2e10f2dfc492734605ac0f1e62d8672fcc1e06ab7ec9f3d896b3a49249b8164a1c3a2017248cb824898fa8d29f53fe61429664b79a0282d25145

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15184.exe

Filesize
468KB

MD5
4184d750b76b5df7831f2e54a5be8b85

SHA1
8299494eda94777964040cb96d9dc9e3da53131a

SHA256
67ec9f25f820d3fd4ad92583a67d6311e5a8c37276e9615a1c5e22a2dcf1c71b

SHA512
d23335766fc8d87f00a823e61db323b05a42fd7f1441baa76bf83fd2aa0cd306d4c28f5b6048cb689f109ad73ab3c4f3c5f3e68b01cb77576ecb4d2d356064a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15891.exe

Filesize
468KB

MD5
9100d1463a155568839b099b07c0121d

SHA1
9dac2cd640e702e7b4b15944e23f4d4f7681e9a3

SHA256
dacaf849f988863d2a3044eb0a3150cc3d405a5b94cf03346b6acd600b102774

SHA512
0c5f292d2fccb058f8a77723a142c27f88b13e4c23eef524e3732b3e078ad8f5563af588c7e41efdc825786689d4c7c43a86fa8cb8c81782e6e277cfbf52138e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe

Filesize
468KB

MD5
567b975823a3b354aa85aed5b2cbc873

SHA1
e4f2b5b00d49d3885c1b2c9c7a053f4c5d885478

SHA256
c80ddaa060dca7f11a46f030f2656281fbcd245033d39495bbce458ba5a243d8

SHA512
b5cc040fd33426e3a7d9537a0d59bb87c6338f4b10e41735426cc627e2992ea5b3dc7eaca609db82dabb8d1d91dbfd15f10c1a75b578f6a2ca08f160b8d39cd9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe

Filesize
468KB

MD5
9554e1bb18b1e2b6c58ad23f286cfca8

SHA1
1bc2e9ff52ce2f74ae132386c42e6da7eabfece1

SHA256
22fd2e857421bc3941180aed98d60859c423e109d242a1949fc43ff367524e83

SHA512
aa9b0055dfd91cc15686dd1939d069e8c6848b98a15cf4ece88bbd976b33c288bb028eb869839bcdb53dfd3bc8828d108ce6309cbfdac642f4fee2779bb7a859

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe

Filesize
468KB

MD5
01c4f2f5677d26e4cfee21d31550bf68

SHA1
2af0e75563469a2e6acadf022ee44c643ee12948

SHA256
3ae249845e2f58dd1698fb782350c095c00714cd71dc07c3cfccc126d6b84864

SHA512
334c4e9206a56f80d1a97c463a4dd4ef9bd7f2e5efa9994fc6e1597e4b2c7fad26e34d5288e86a96645c8767e5e2feb0c94de59524b4cfe8c7e2ab56bb44ad0b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe

Filesize
468KB

MD5
c43ed2072dfdd98df84c5b469d2c23ec

SHA1
ab5f062a89c7047cbae744ec80e1201a84305572

SHA256
843ec1a4a8785138c9ab943f0285e7f2ca54cfe21d166ad0de05ecc66c0e9e74

SHA512
f149bc2a4534296aa0cd85ecf3fbd6e71516a07d0f377b53eb656d58d17055d595505ee76aad788d8ef381b6ef56b039f808a8f7befa7821dd2770e5362257c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37057.exe

Filesize
468KB

MD5
47944776747ddbfe5701e8146186f794

SHA1
9e9a17460aebb0c452750454436713577fb6b901

SHA256
71f428ef64b5826e7a75123a02414539326c0400f812c2296a6723b48c8a0c70

SHA512
241806a7e37fe8dfc28837e5856dcc4551c173383a1c8e5aab44f17236cab0f77967d0ea4bc563ccbc01fb1571818a15d7b25a15a4fae9a0cc9c5f8335184f9a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42988.exe

Filesize
468KB

MD5
a0e7dc10aa1f36d790e985746e2ed74f

SHA1
bc18f8c6b0951ead787cb938e55f4239e7622424

SHA256
06743d8962fef4b65cfcbccc5aa406404aa08018fdb4b655b74717a6375ba6b6

SHA512
2a59298549182fd04892301a54345ebb76404f7a2b3bd853ce4c334fbd2879dd923c3e364cdfe90bebc87a1814962bc27afee038c30b3bdf64af0f5b97707ef5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe

Filesize
468KB

MD5
eb982f077e570b5d8cc5de148eb836c9

SHA1
556b7f9201f19b03c5f38c5cca9bdda41a410d54

SHA256
0daac005b66a6830bfa670e907c06ad3f3a61850a525add5f1637af8079e7017

SHA512
5c370bde95d23ddc04b4a1f6c9957a33f8c63dad1c22a46af981c42b356e489a5dde14011d5d15e7ef817af0dd17d5f7cf3fb10dd2db226cdd381e54217f28d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe

Filesize
468KB

MD5
f6a137e926d442cd838b7f47a94494c5

SHA1
03d0e22ddf471f872d8cd762a31eb6bd77d1dbde

SHA256
fd340f07f487325c3f2d15f958374ebe3c9c06358a6961c1dc62d9f8f0472d80

SHA512
a2c2b3dc7c433468b4efdc0520b5b7be27e370b2057d66af74067a77847d87c02f1170968868b85fc351ed1d1fd38f5f02e131631b5d570d601db3cd692a00b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57814.exe

Filesize
468KB

MD5
fd8f2c274457326455f3acdbd77e1cb8

SHA1
e1205006bdb6dbb0a447d2f6c9a7caf40d43d87f

SHA256
e2ca482c7511100357a59d5aae742fcd035ed65ca54fb2f0e4082bb700897e9e

SHA512
bbd965c60c09579a0a1e0d78067878753ea4fcd5f20f60874a7ecee2932b64f539369e6e8d5a048e877b4c335783ac9f553eb5e2e7e52dfd5a0f43938b676518

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe

Filesize
468KB

MD5
cc35b4ad899f2535596b3c73fcba1b5f

SHA1
f22b47e268b767c66f961f300add3d5e4a99a10b

SHA256
ae77e4b2dc23e42871863508429df564f6e841ebac408f380726d30e10999667

SHA512
27b8240e826e8d57690d068f3683c0bb1060b57281ee8c55bf270fb0777127c4259771a3447f78630068f617980c5b38552c38d2fe97cf513b9b41184d6da6a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61702.exe

Filesize
468KB

MD5
8ad1a9ed3e202dbc5f9ae7ee490e9d99

SHA1
4d35156b63dee026e92e4ac484cef0b8a172d791

SHA256
ac622f48d88ed12800b9a0a4cda76a72e946a102f90b6cef2f1a13c89b6fd055

SHA512
90b9e8a753fa2aec59793df35d9e8b241ce7453ae80f258b9b535ac897746b52aff2e75901fb464fbb9c9f632dd02da2be15e0bc04afada0fa6bd7161d92b7a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe

Filesize
468KB

MD5
1d7df3f508cee0d6308123a26eb9a441

SHA1
5f72f317ad83314d0d1556996388afcc31c1f751

SHA256
8601bc356194da13b46ae59c1fbc1a1042ea558840f19f06b91c704e4c14ea79

SHA512
a75461e6a379b85168102b28983be7fc54665791a128b5846ef48eb9d9924efc078a98c6aba97b3b8205c0bd1834786178ab7ae7bc1c68e83dac03d5aa3bb059

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64385.exe

Filesize
468KB

MD5
877689809220d91994e75611e3f1dc9d

SHA1
96811f8ce84dc10f5aa7cd3c1b3c054775d2424e

SHA256
19331f11cf312b8814d5628f126bf12b9fb234e21fab8963ee9f97a7209495ac

SHA512
d744235d47ba5d52b4edf482665d5416094bb09c0b51648b1b7b0edee9ae3c4951cdd9bf13778de747372a6f8d9d96da914fae000b2fed3b1e40b3429a78c41a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6959.exe

Filesize
468KB

MD5
11f323fbd38681de3868250bd709c1e0

SHA1
7aee09f578dfdfebf7a74a7b9f019df6062e154b

SHA256
ad61205f1fb282cf6d0acde9e4479587e5146ae1bd15df6dfd365219b289efc5

SHA512
951e71f6ad52884349f143b80675d57d4da6c36165d23bc6ddd4f0bc0b6c73fe6ba343d274a0c92c10540a4047df1569fe753c1de0f8defa6dca8dbbfa200ec3

Download Submit