8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281dae

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe
Size

468KB
MD5

e9981155a59b0201fd0eabf87f79fbb0
SHA1

c7457e372e275713d182dc00895648a349f4324b
SHA256

8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281dae
SHA512

2315573bbbfbee60646f8df71877279c4825b5ad4f48d1c50e5d2b7c549d046d66ac56ae3b7160da6efe96170d67d2ee6579f3437866afb0389c7e7d45dad023
SSDEEP

3072:4belogxaIU57tbYTPzcfmbfD/n2DnsIH9CmyeQVqGus8kk4SuxulX:4b4oCc7t8P4fmbfradWus9NSux

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2868	Unicorn-31345.exe
2784	Unicorn-25646.exe
2936	Unicorn-2367.exe
1412	Unicorn-8366.exe
2744	Unicorn-53078.exe
2112	Unicorn-7406.exe
1172	Unicorn-58645.exe
108	Unicorn-21574.exe
2524	Unicorn-556.exe
2188	Unicorn-12180.exe
2544	Unicorn-12445.exe
2960	Unicorn-4085.exe
1656	Unicorn-4505.exe
2464	Unicorn-18240.exe
760	Unicorn-24371.exe
2204	Unicorn-64020.exe
2008	Unicorn-12218.exe
2584	Unicorn-18349.exe
2244	Unicorn-59298.exe
1552	Unicorn-3087.exe
816	Unicorn-11825.exe
1720	Unicorn-37975.exe
804	Unicorn-45878.exe
1800	Unicorn-46143.exe
2044	Unicorn-900.exe
1812	Unicorn-36365.exe
2448	Unicorn-31535.exe
1588	Unicorn-61446.exe
2312	Unicorn-15775.exe
2588	Unicorn-36557.exe
1056	Unicorn-13205.exe
1048	Unicorn-59028.exe
2824	Unicorn-19457.exe
1660	Unicorn-31748.exe
2792	Unicorn-46008.exe
2704	Unicorn-23964.exe
2832	Unicorn-36687.exe
2780	Unicorn-47928.exe
2716	Unicorn-15905.exe
2288	Unicorn-55328.exe
920	Unicorn-42329.exe
2140	Unicorn-1212.exe
1924	Unicorn-12261.exe
1932	Unicorn-33236.exe
2152	Unicorn-4477.exe
3020	Unicorn-4020.exe
2844	Unicorn-4285.exe
2628	Unicorn-3325.exe
2396	Unicorn-41897.exe
992	Unicorn-44010.exe
264	Unicorn-6506.exe
2392	Unicorn-14674.exe
1868	Unicorn-3352.exe
1124	Unicorn-6152.exe
1576	Unicorn-62744.exe
1472	Unicorn-37472.exe
1940	Unicorn-17606.exe
2456	Unicorn-20595.exe
364	Unicorn-1850.exe
2208	Unicorn-55837.exe
612	Unicorn-46444.exe
2352	Unicorn-49973.exe
1876	Unicorn-8400.exe
1976	Unicorn-37512.exe

Loads dropped DLL 64 IoCs

pid	Process
2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe
2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe
2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe
2868	Unicorn-31345.exe
2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe
2868	Unicorn-31345.exe
2936	Unicorn-2367.exe
2936	Unicorn-2367.exe
2868	Unicorn-31345.exe
2784	Unicorn-25646.exe
2868	Unicorn-31345.exe
2784	Unicorn-25646.exe
2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe
2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe
1172	Unicorn-58645.exe
1172	Unicorn-58645.exe
2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe
2936	Unicorn-2367.exe
2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe
2936	Unicorn-2367.exe
1412	Unicorn-8366.exe
1412	Unicorn-8366.exe
2744	Unicorn-53078.exe
2744	Unicorn-53078.exe
2784	Unicorn-25646.exe
2868	Unicorn-31345.exe
2784	Unicorn-25646.exe
2868	Unicorn-31345.exe
2112	Unicorn-7406.exe
2112	Unicorn-7406.exe
2936	Unicorn-2367.exe
1172	Unicorn-58645.exe
1172	Unicorn-58645.exe
2936	Unicorn-2367.exe
108	Unicorn-21574.exe
108	Unicorn-21574.exe
2188	Unicorn-12180.exe
2188	Unicorn-12180.exe
2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe
2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe
2464	Unicorn-18240.exe
2464	Unicorn-18240.exe
1656	Unicorn-4505.exe
1656	Unicorn-4505.exe
2868	Unicorn-31345.exe
2868	Unicorn-31345.exe
760	Unicorn-24371.exe
760	Unicorn-24371.exe
2784	Unicorn-25646.exe
2784	Unicorn-25646.exe
2112	Unicorn-7406.exe
2112	Unicorn-7406.exe
2544	Unicorn-12445.exe
2544	Unicorn-12445.exe
1412	Unicorn-8366.exe
1412	Unicorn-8366.exe
2960	Unicorn-4085.exe
2960	Unicorn-4085.exe
2744	Unicorn-53078.exe
2744	Unicorn-53078.exe
2524	Unicorn-556.exe
2524	Unicorn-556.exe
2204	Unicorn-64020.exe
2204	Unicorn-64020.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2948	2008	WerFault.exe	45

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3025.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe
2868	Unicorn-31345.exe
2784	Unicorn-25646.exe
2936	Unicorn-2367.exe
2744	Unicorn-53078.exe
1412	Unicorn-8366.exe
1172	Unicorn-58645.exe
2112	Unicorn-7406.exe
108	Unicorn-21574.exe
2524	Unicorn-556.exe
2188	Unicorn-12180.exe
2544	Unicorn-12445.exe
2464	Unicorn-18240.exe
1656	Unicorn-4505.exe
2960	Unicorn-4085.exe
760	Unicorn-24371.exe
2204	Unicorn-64020.exe
2584	Unicorn-18349.exe
2244	Unicorn-59298.exe
2008	Unicorn-12218.exe
1552	Unicorn-3087.exe
816	Unicorn-11825.exe
1720	Unicorn-37975.exe
804	Unicorn-45878.exe
1800	Unicorn-46143.exe
2044	Unicorn-900.exe
1812	Unicorn-36365.exe
2448	Unicorn-31535.exe
2312	Unicorn-15775.exe
1588	Unicorn-61446.exe
2588	Unicorn-36557.exe
1056	Unicorn-13205.exe
1048	Unicorn-59028.exe
2824	Unicorn-19457.exe
1660	Unicorn-31748.exe
2704	Unicorn-23964.exe
2780	Unicorn-47928.exe
2792	Unicorn-46008.exe
2832	Unicorn-36687.exe
2716	Unicorn-15905.exe
2288	Unicorn-55328.exe
920	Unicorn-42329.exe
2140	Unicorn-1212.exe
1924	Unicorn-12261.exe
1932	Unicorn-33236.exe
2152	Unicorn-4477.exe
3020	Unicorn-4020.exe
2628	Unicorn-3325.exe
2844	Unicorn-4285.exe
2392	Unicorn-14674.exe
2396	Unicorn-41897.exe
992	Unicorn-44010.exe
264	Unicorn-6506.exe
1868	Unicorn-3352.exe
1124	Unicorn-6152.exe
1576	Unicorn-62744.exe
1940	Unicorn-17606.exe
1472	Unicorn-37472.exe
2456	Unicorn-20595.exe
364	Unicorn-1850.exe
2208	Unicorn-55837.exe
2352	Unicorn-49973.exe
612	Unicorn-46444.exe
1976	Unicorn-37512.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 2868	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	30
PID 2808 wrote to memory of 2868	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	30
PID 2808 wrote to memory of 2868	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	30
PID 2808 wrote to memory of 2868	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	30
PID 2808 wrote to memory of 2784	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	32
PID 2808 wrote to memory of 2784	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	32
PID 2808 wrote to memory of 2784	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	32
PID 2808 wrote to memory of 2784	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	32
PID 2868 wrote to memory of 2936	2868	Unicorn-31345.exe	31
PID 2868 wrote to memory of 2936	2868	Unicorn-31345.exe	31
PID 2868 wrote to memory of 2936	2868	Unicorn-31345.exe	31
PID 2868 wrote to memory of 2936	2868	Unicorn-31345.exe	31
PID 2936 wrote to memory of 1412	2936	Unicorn-2367.exe	33
PID 2936 wrote to memory of 1412	2936	Unicorn-2367.exe	33
PID 2936 wrote to memory of 1412	2936	Unicorn-2367.exe	33
PID 2936 wrote to memory of 1412	2936	Unicorn-2367.exe	33
PID 2868 wrote to memory of 2744	2868	Unicorn-31345.exe	34
PID 2868 wrote to memory of 2744	2868	Unicorn-31345.exe	34
PID 2868 wrote to memory of 2744	2868	Unicorn-31345.exe	34
PID 2868 wrote to memory of 2744	2868	Unicorn-31345.exe	34
PID 2784 wrote to memory of 2112	2784	Unicorn-25646.exe	35
PID 2784 wrote to memory of 2112	2784	Unicorn-25646.exe	35
PID 2784 wrote to memory of 2112	2784	Unicorn-25646.exe	35
PID 2784 wrote to memory of 2112	2784	Unicorn-25646.exe	35
PID 2808 wrote to memory of 1172	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	36
PID 2808 wrote to memory of 1172	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	36
PID 2808 wrote to memory of 1172	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	36
PID 2808 wrote to memory of 1172	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	36
PID 1172 wrote to memory of 108	1172	Unicorn-58645.exe	37
PID 1172 wrote to memory of 108	1172	Unicorn-58645.exe	37
PID 1172 wrote to memory of 108	1172	Unicorn-58645.exe	37
PID 1172 wrote to memory of 108	1172	Unicorn-58645.exe	37
PID 2808 wrote to memory of 2188	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	38
PID 2808 wrote to memory of 2188	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	38
PID 2808 wrote to memory of 2188	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	38
PID 2808 wrote to memory of 2188	2808	8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe	38
PID 2936 wrote to memory of 2524	2936	Unicorn-2367.exe	39
PID 2936 wrote to memory of 2524	2936	Unicorn-2367.exe	39
PID 2936 wrote to memory of 2524	2936	Unicorn-2367.exe	39
PID 2936 wrote to memory of 2524	2936	Unicorn-2367.exe	39
PID 1412 wrote to memory of 2544	1412	Unicorn-8366.exe	40
PID 1412 wrote to memory of 2544	1412	Unicorn-8366.exe	40
PID 1412 wrote to memory of 2544	1412	Unicorn-8366.exe	40
PID 1412 wrote to memory of 2544	1412	Unicorn-8366.exe	40
PID 2744 wrote to memory of 2960	2744	Unicorn-53078.exe	41
PID 2744 wrote to memory of 2960	2744	Unicorn-53078.exe	41
PID 2744 wrote to memory of 2960	2744	Unicorn-53078.exe	41
PID 2744 wrote to memory of 2960	2744	Unicorn-53078.exe	41
PID 2784 wrote to memory of 1656	2784	Unicorn-25646.exe	42
PID 2784 wrote to memory of 1656	2784	Unicorn-25646.exe	42
PID 2784 wrote to memory of 1656	2784	Unicorn-25646.exe	42
PID 2784 wrote to memory of 1656	2784	Unicorn-25646.exe	42
PID 2868 wrote to memory of 2464	2868	Unicorn-31345.exe	43
PID 2868 wrote to memory of 2464	2868	Unicorn-31345.exe	43
PID 2868 wrote to memory of 2464	2868	Unicorn-31345.exe	43
PID 2868 wrote to memory of 2464	2868	Unicorn-31345.exe	43
PID 2112 wrote to memory of 760	2112	Unicorn-7406.exe	44
PID 2112 wrote to memory of 760	2112	Unicorn-7406.exe	44
PID 2112 wrote to memory of 760	2112	Unicorn-7406.exe	44
PID 2112 wrote to memory of 760	2112	Unicorn-7406.exe	44
PID 1172 wrote to memory of 2204	1172	Unicorn-58645.exe	46
PID 1172 wrote to memory of 2204	1172	Unicorn-58645.exe	46
PID 1172 wrote to memory of 2204	1172	Unicorn-58645.exe	46
PID 1172 wrote to memory of 2204	1172	Unicorn-58645.exe	46

C:\Users\Admin\AppData\Local\Temp\8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe
"C:\Users\Admin\AppData\Local\Temp\8f11db8e2b1349abaefb38f94639467816842f26227ddba87070a0abb6281daeN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2367.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48126.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5827.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22778.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52957.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe
        7⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49973.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60787.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        7⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        7⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20663.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        7⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
        6⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31368.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
        6⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
        6⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
        6⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21388.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27537.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        6⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
        5⤵
        
        PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        6⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-268.exe
        6⤵
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4777.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        6⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
        6⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        6⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
        5⤵
        
        PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
        5⤵
        
        PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12218.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        5⤵
        Program crash
        
        PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51172.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
        6⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50714.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
        6⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
        5⤵
        
        PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        5⤵
        
        PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20617.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12646.exe
        5⤵
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38506.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        5⤵
        
        PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39785.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53078.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4085.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3325.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52418.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50714.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
        6⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        6⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63874.exe
        6⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        6⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        6⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5388.exe
        6⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11836.exe
        5⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64151.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50714.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
        6⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
        5⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        5⤵
        
        PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36557.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6506.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32139.exe
        6⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22365.exe
        5⤵
        
        PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
        5⤵
        
        PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6152.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19754.exe
        5⤵
        
        PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35577.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        5⤵
        
        PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
      4⤵
      PID:4360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15905.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10024.exe
        7⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        6⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2841.exe
        6⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        6⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        6⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14112.exe
        6⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5388.exe
        6⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        5⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
        6⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
        5⤵
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29367.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55328.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
        6⤵
        
        PID:1880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
        6⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
        5⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52349.exe
        5⤵
        
        PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3668.exe
      4⤵
      PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
      4⤵
      PID:4608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
        5⤵
        
        PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        5⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64449.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
        5⤵
        
        PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54410.exe
      4⤵
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
        5⤵
        
        PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32639.exe
      4⤵
      PID:1392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
      4⤵
      PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe
      4⤵
      PID:4416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
      4⤵
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
        5⤵
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
      4⤵
      PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46795.exe
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22778.exe
      4⤵
      PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41145.exe
      4⤵
      PID:4448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
    3⤵
    PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
    3⤵
    PID:2124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
    3⤵
    PID:3768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34450.exe
    3⤵
    PID:4468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25646.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25646.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55373.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
        7⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        6⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        6⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
        6⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        6⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55949.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        6⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe
        5⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        5⤵
        
        PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
        5⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
        5⤵
        
        PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
      4⤵
      PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63114.exe
      4⤵
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
      4⤵
      PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37975.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39670.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
        5⤵
        
        PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8722.exe
      4⤵
      PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
      4⤵
      PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53319.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-900.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46258.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58009.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        6⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
        5⤵
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44921.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        5⤵
        
        PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46444.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46866.exe
        5⤵
        
        PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        5⤵
        
        PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
      4⤵
      PID:324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39729.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12301.exe
      4⤵
      PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
      4⤵
      PID:4820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
      4⤵
      PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
      4⤵
      PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
      4⤵
      PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
      4⤵
      PID:4228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
    3⤵
    PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
      4⤵
      PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
      4⤵
      PID:3312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44525.exe
    3⤵
    PID:3972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47431.exe
        6⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4189.exe
        6⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1964.exe
        6⤵
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55207.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        6⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        5⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        5⤵
        
        PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3933.exe
        5⤵
        
        PID:524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31636.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        5⤵
        
        PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
      4⤵
      PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
      4⤵
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
      4⤵
      PID:996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
      4⤵
      PID:4100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        5⤵
        Executes dropped EXE
        
        PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
        5⤵
        
        PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
        5⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
        6⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        6⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
        6⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        5⤵
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35473.exe
      4⤵
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
      4⤵
      PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61649.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
      4⤵
      PID:4540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57773.exe
      4⤵
      PID:284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
      4⤵
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
      4⤵
      PID:5096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41338.exe
    3⤵
    PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63005.exe
    3⤵
    PID:2816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
    3⤵
    PID:3416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44596.exe
    3⤵
    PID:3264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49394.exe
    3⤵
    PID:4740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55334.exe
        5⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64257.exe
        5⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11506.exe
        5⤵
        
        PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21975.exe
      4⤵
      PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
      4⤵
      PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe
      4⤵
      PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29730.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
      4⤵
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
      4⤵
      PID:4376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
    3⤵
    PID:2756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
    3⤵
    PID:3160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
    3⤵
    PID:3996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
    3⤵
    PID:4844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
      4⤵
      PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
      4⤵
      PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5514.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
      4⤵
      PID:4804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe
    3⤵
    PID:1708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
    3⤵
    PID:3648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
    3⤵
    PID:4316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe
      4⤵
      PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
      4⤵
      PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
      4⤵
      PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63964.exe
    3⤵
    PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
    3⤵
    PID:3732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
    3⤵
    PID:4652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
  2⤵
  PID:1888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
  2⤵
  PID:4008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57514.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57514.exe
  2⤵
  PID:3556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56810.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56810.exe
  2⤵
  PID:4480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe

Filesize
468KB

MD5
32fad9dc416ec8ca107f04007b7df847

SHA1
356297065f67bd44d4f9db0ca5d64ca055f595e7

SHA256
c0406bdbbb497c57492bb10e18588b4aefb12b671e53629205acb23f4699f237

SHA512
1fa44afa75f5c2cc702d2840283c9bd5a61dda549a86173a418b8739c239d87208e3d596db63d9d4db902d8f118f4a5d1827255ce7d7971a82ffe999fb5a7d7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe

Filesize
468KB

MD5
decacd20703c064fcc6bbe2b385701d6

SHA1
5086967039d9e79694e2ed6e5e04016c869d23a4

SHA256
65e033abf6a565a9f834b4ab09cfa4b129e00b743495a6f02328fa4881d80143

SHA512
1c164d93fcd74ef6e90895b5ed1911c326426e464a79fcd45fc1b4705e4144144abd9194e919c83bf56111214b1c5cf9602e5f7dfe698b268203b02ec5f03391

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe

Filesize
468KB

MD5
c4fa2805c3199f3ea76337a533635f30

SHA1
7fa056b986480f138ec24fc138498d21d9c3e99c

SHA256
4593397003270c57a770591d72c540b09230d669f33968db8365693dafabb36e

SHA512
a4dc1358540cb5bd5ba947cae9cbb3902ef017da829e517e68b4d1b48afd9273966ea858b89acf2aaf1796df016430bff4971d1942dc190795622af5630c721f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe

Filesize
468KB

MD5
319cecc55e14cbf62ddeaf9b0021a0e2

SHA1
c3f8c86a492ec194f6f26489edb3bde0d20e5427

SHA256
6a82f1a7aa1f9da9b569e84fd08630ace00af5f0d90aa4f1fca35f12c286f9a3

SHA512
ed453eee722142914ded4cdbd0113f1d8ac482f603ef1b215ccfad7f22bee3294933eb14872d728becb8c3066239b627c17dee6873e0461aafc465963ade31ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe

Filesize
468KB

MD5
6787e4bd40723081c9fedaa2b216aa3c

SHA1
5f75da542699a04761b50b795ec7777ca7891792

SHA256
018f65ce869816e467eb93172b879d3a04826774136ce2588425b1dff3aa3a04

SHA512
60f7ccc73df25c24f472efe03ed3878bc0205ae312cc6771096a5480bea3272c73bc0576430e02701708f07e9c09ccbf2adeaae75507f8701e92f5666ebd1594

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12218.exe

Filesize
468KB

MD5
f3a2b83dc6eec365b44d7e26fa11e41d

SHA1
e756039746dc1444e2c71fcfd601737b9d025b9c

SHA256
cc8aff09831c5e35f1eb979b6a0b30dd711269964fb648f20fec4d3aaf006212

SHA512
acf301fbb14a59a93c997de123e988e0b498539a71e532c75c40d9f4ae3ce6ee6d91472341a8946f4589a415fe93fd2671e0da74fa124526fa3ecde3b448c162

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe

Filesize
468KB

MD5
8238f1ffbe65a8b67b86e60af57053c6

SHA1
a508f5d19b6dab4ee3e82b02fc8798f46ce067d6

SHA256
fdeb3011f68bb573930a0fd4be2200bf7733483b8775e7069b27a562ac6aec7f

SHA512
9e413196bb83dede8d65509361618eb84236d14449e9500e2053192efc78d832ef91f446d6d2c6f272ed1ff784bfdf10abaceded70ca2f705fb94ca81c3a7a33

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe

Filesize
468KB

MD5
e7e9524488c9822c75eb5b8c74a0dda0

SHA1
117c482c9c74c473d99275bf4db0ea68ab792c94

SHA256
0897a1236faa7da47d46f2aa05d8ac6bf9e6b003c2d5df6ed336306314f0be0e

SHA512
424b5d6c2c30f0557320585cfabfd67fd72ea038f83b15e4a8e5dfe24cb327408e9b450d1456f0a65fbf4d21b2a5125d3205263559494a5963ff7bfc8536dcd7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe

Filesize
468KB

MD5
bf9dab706d0303770040345a8df98821

SHA1
4a1fb13b42883ab0c91f9b9c564d3ccb776f3194

SHA256
ecaa8afd53bcaa135bbce3df4015dc4a4fcce38cebbe6cbc19a79dc5b4185bec

SHA512
cb81fa42a28b9fc08912892f4d408166befd3b06de55f7cf0700200c222b62f3277f8009723144dd11d6692ed76ff3b6758f003806df044f3bbd5e6810335c9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2367.exe

Filesize
468KB

MD5
37acc5bf7aa9cafdccc6747d36b3453f

SHA1
e9f79aca104bae9346268f7820e14b11c8d5c9d7

SHA256
b84f95cf2ce55faf4ff094aeb129cdf86d70b2a8eef584eb827cc37f2272ee3a

SHA512
d602a2c2c4d746a7ce845bca191b73b6c383ac727ae2afa824c472c7700cd85a90f39412cd8057e93c1267d7fdef0aab5771b9d81d8eb750969dd34ce50e9574

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe

Filesize
468KB

MD5
2e717191def078ff722051e5bad528bb

SHA1
f0d4327a515f94c7a6e9ed4b8d43576579c17a26

SHA256
148c9df194ebca9036754d2fa5c19e82031adb7664818f45bdbb3d5a9fdf63d5

SHA512
4acc6b6b5c1478053e737659f58d4a7c0c4627584f28eced9f5335000790221f50c3617551c3eb92c9da95809dfb5cc7e0e4f803627804b4f9b8e2729415f7fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25646.exe

Filesize
468KB

MD5
5daf8c61f492e8a0aebc5e9a1efdcee8

SHA1
fd08740b77d52839402f18976b67eaf19b8520bc

SHA256
82e08b72296b3f7816f60423a2567990b52f812d4f08a5bc2bd1dbdd7b2875bc

SHA512
6e31684232235912be3a9523d098f417074f5784636af066f00688f0b87bd55b7dded4d20b781f919cc4b2d1d5e456e31557d78ba8123516f350532a4080c964

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe

Filesize
468KB

MD5
da70b8ba55b1327e482c270ed20b4be5

SHA1
ff9bbc75b11d8e4f805bcf471d0cf42aaf74844a

SHA256
6a19c933b5d6386784dc5bea0719e9e7a2150dab19f7fe6e10c7b1ce8309bd3d

SHA512
e2f66d5cd7fef7d4affd4e4cd60dcc0a18fbf1e0008a6cb91a6157084731362ea05ca77894a1c711c7d250b13cab2d8ccdb9fdef5ffbaf2297f156e1c5c5176e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4085.exe

Filesize
468KB

MD5
6135a43664e9c5c937cc81c5d16b79d6

SHA1
55cf859a3bafbb01f10309ce1f7a8ac27e8bbe55

SHA256
a7a78ece7e3b09297de6de5c07e73f1b71fb38c0a625228574acccef27caddaf

SHA512
6cdf926f37b156ae4cb55db24ffc31ba3d3fd54f304593c5f19e266cc20e4df5cbe0f70dc785ebb08ca10ece6b88d4127c4b48417cef3f4e12e47dfff8059eb6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe

Filesize
468KB

MD5
0b7e574c148b01591a85e2c1e4e16396

SHA1
9cf12a2c62abb30f3d7190223060bbed8118dcf5

SHA256
18d1eb223fef747a0c3657ead9cb35bf5539bfbe27fe7053b9739ebc48b92506

SHA512
fb36accba6aa5eb7f23eea5273f608a8c9e22da9c390c0bc3bd83ca3a20b7ebe5fb3e7db9f3ff675fc1b6c73cc67034e80b82d9af4a30aff82b964136c2f789b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53078.exe

Filesize
468KB

MD5
cae2be5ac44a86f7c1b9a6a26b3bcec0

SHA1
5709a4eacabf4b5d486599d7e98bfb4751ca7dcd

SHA256
f00962857a4234b7e835193cc32ff8f1db0eb0be2e2c4af0ab63b126f0f736f0

SHA512
3a4439a99dac97739b32e0419923369a0f55d8526325f999be244d7b54519d3efd0e66e367a5d1acff62ea25b40a597afd0f1c4d9e63c4ff02be15c4e66ca64a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-556.exe

Filesize
468KB

MD5
b4dccbbcd83bdfe0746673261333a306

SHA1
adf1b2aacb28448d78a524e753ba3dee29937ea7

SHA256
ca117b87654c380f6f9d1e75c2ad1dd433e14ca8fa123bfd325b075d7673723a

SHA512
c9db8ee207d2aec6c1d134c514de917912076564d4834488443982c415fd5a689cbaffe55e35af822c6016db8a75da17030494a323473ab9b78db5e2c47d9a13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe

Filesize
468KB

MD5
bf27dd22ebc45f6d833e35347589d3fb

SHA1
809d606de513508175da217502bb44a4ab6cde33

SHA256
33149918435d8c481eca9b99143c40c01b7d0a9381d97aa8319e3cf46b8a03f4

SHA512
3d81d00dc5b26057b44d95207f6289dd9b42590d19b0695cd77ddd907f2e21e81779dfb37ffaf8ca5242c39a77610d4da55116cda9c0ff22d79510d7649539e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe

Filesize
468KB

MD5
cafc32eea84dfaec83789ba267b7636e

SHA1
07df3f8dc05420ef0951dc0519604b50779ea66a

SHA256
7c04a09b78279c428c0a95b1e1df39d427fc42bee5f8b48bb7edd0891af189b0

SHA512
03aa59f9974c55c1dee891d5ca8133604b52ce47c1ef0130f384354513263363343c58457c61ebe4ef26dfbb79553dc05694a74896e881863a8d136441bb94ae

Download Submit