8c7a3225fab42976e657c88349abe7ff0e14b76bc0c864b948653a149fe5c420

Analysis

max time kernel
119s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07/08/2024, 08:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90166acaf0942f1e097d5e946db0c990N.exe
Size

468KB
MD5

90166acaf0942f1e097d5e946db0c990
SHA1

349758c2c8edab2adb7cf4cba4568bf448089b86
SHA256

8c7a3225fab42976e657c88349abe7ff0e14b76bc0c864b948653a149fe5c420
SHA512

b99a7f8c874bbd4cf977f5d28f63182d2c2b8f01897fc019d24bf04b855018f8f61963684b511cefadc8ea76e866793604b4ac5cca3f9a368b4756236cca3b7a
SSDEEP

3072:6VgBogJFSS5BtgYtPzkjOf8/ECOtZnpsnbHhYEh7cUGMPXSCH3E+:6VSoPGBtTPgjOfHpaDcU/vSCH

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1760	Unicorn-34499.exe
1724	Unicorn-274.exe
1688	Unicorn-52812.exe
2832	Unicorn-28713.exe
2760	Unicorn-30942.exe
3004	Unicorn-61769.exe
2968	Unicorn-2983.exe
2640	Unicorn-44826.exe
1228	Unicorn-13969.exe
976	Unicorn-34027.exe
1364	Unicorn-27722.exe
1732	Unicorn-27722.exe
1116	Unicorn-21591.exe
2616	Unicorn-27457.exe
2056	Unicorn-18328.exe
1568	Unicorn-63391.exe
2072	Unicorn-61123.exe
1372	Unicorn-15644.exe
2284	Unicorn-23931.exe
3032	Unicorn-35161.exe
1920	Unicorn-18062.exe
2296	Unicorn-59857.exe
2524	Unicorn-23847.exe
1496	Unicorn-35545.exe
1800	Unicorn-60049.exe
1780	Unicorn-51881.exe
1976	Unicorn-22695.exe
1244	Unicorn-20286.exe
1824	Unicorn-42945.exe
1668	Unicorn-12118.exe
2080	Unicorn-15103.exe
1380	Unicorn-16734.exe
1504	Unicorn-54429.exe
3052	Unicorn-37595.exe
1652	Unicorn-59146.exe
2708	Unicorn-30112.exe
2240	Unicorn-12550.exe
2508	Unicorn-32416.exe
2428	Unicorn-57112.exe
2844	Unicorn-27926.exe
2636	Unicorn-821.exe
2888	Unicorn-39816.exe
2812	Unicorn-6012.exe
2672	Unicorn-46083.exe
2684	Unicorn-5634.exe
2216	Unicorn-31093.exe
2076	Unicorn-56483.exe
1808	Unicorn-5244.exe
2220	Unicorn-38036.exe
1684	Unicorn-54829.exe
2136	Unicorn-45052.exe
2008	Unicorn-7548.exe
2976	Unicorn-24077.exe
1992	Unicorn-57818.exe
928	Unicorn-12488.exe
1016	Unicorn-26223.exe
2200	Unicorn-10271.exe
3024	Unicorn-41098.exe
2464	Unicorn-1793.exe
2108	Unicorn-58430.exe
2312	Unicorn-58430.exe
2444	Unicorn-6628.exe
668	Unicorn-12758.exe
752	Unicorn-5586.exe

Loads dropped DLL 64 IoCs

pid	Process
2152	90166acaf0942f1e097d5e946db0c990N.exe
2152	90166acaf0942f1e097d5e946db0c990N.exe
1760	Unicorn-34499.exe
2152	90166acaf0942f1e097d5e946db0c990N.exe
1760	Unicorn-34499.exe
2152	90166acaf0942f1e097d5e946db0c990N.exe
1724	Unicorn-274.exe
1724	Unicorn-274.exe
2152	90166acaf0942f1e097d5e946db0c990N.exe
1688	Unicorn-52812.exe
2152	90166acaf0942f1e097d5e946db0c990N.exe
1688	Unicorn-52812.exe
1760	Unicorn-34499.exe
1760	Unicorn-34499.exe
2832	Unicorn-28713.exe
2832	Unicorn-28713.exe
1724	Unicorn-274.exe
1724	Unicorn-274.exe
2968	Unicorn-2983.exe
2968	Unicorn-2983.exe
3004	Unicorn-61769.exe
3004	Unicorn-61769.exe
2760	Unicorn-30942.exe
1760	Unicorn-34499.exe
2760	Unicorn-30942.exe
2152	90166acaf0942f1e097d5e946db0c990N.exe
1760	Unicorn-34499.exe
2152	90166acaf0942f1e097d5e946db0c990N.exe
1688	Unicorn-52812.exe
1688	Unicorn-52812.exe
2640	Unicorn-44826.exe
2640	Unicorn-44826.exe
2832	Unicorn-28713.exe
2832	Unicorn-28713.exe
1116	Unicorn-21591.exe
1116	Unicorn-21591.exe
1760	Unicorn-34499.exe
1760	Unicorn-34499.exe
2616	Unicorn-27457.exe
2616	Unicorn-27457.exe
2152	90166acaf0942f1e097d5e946db0c990N.exe
1364	Unicorn-27722.exe
1364	Unicorn-27722.exe
2152	90166acaf0942f1e097d5e946db0c990N.exe
3004	Unicorn-61769.exe
3004	Unicorn-61769.exe
1732	Unicorn-27722.exe
1732	Unicorn-27722.exe
1228	Unicorn-13969.exe
1228	Unicorn-13969.exe
2056	Unicorn-18328.exe
2056	Unicorn-18328.exe
2760	Unicorn-30942.exe
2760	Unicorn-30942.exe
1724	Unicorn-274.exe
1724	Unicorn-274.exe
976	Unicorn-34027.exe
976	Unicorn-34027.exe
1688	Unicorn-52812.exe
1688	Unicorn-52812.exe
2968	Unicorn-2983.exe
2968	Unicorn-2983.exe
1568	Unicorn-63391.exe
1568	Unicorn-63391.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32292.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2152	90166acaf0942f1e097d5e946db0c990N.exe
1760	Unicorn-34499.exe
1724	Unicorn-274.exe
1688	Unicorn-52812.exe
2832	Unicorn-28713.exe
3004	Unicorn-61769.exe
2760	Unicorn-30942.exe
2968	Unicorn-2983.exe
2640	Unicorn-44826.exe
1228	Unicorn-13969.exe
976	Unicorn-34027.exe
1732	Unicorn-27722.exe
2616	Unicorn-27457.exe
1364	Unicorn-27722.exe
1116	Unicorn-21591.exe
2056	Unicorn-18328.exe
1568	Unicorn-63391.exe
2072	Unicorn-61123.exe
1372	Unicorn-15644.exe
2284	Unicorn-23931.exe
2296	Unicorn-59857.exe
1920	Unicorn-18062.exe
3032	Unicorn-35161.exe
2524	Unicorn-23847.exe
1496	Unicorn-35545.exe
1800	Unicorn-60049.exe
1780	Unicorn-51881.exe
1976	Unicorn-22695.exe
2080	Unicorn-15103.exe
1244	Unicorn-20286.exe
1824	Unicorn-42945.exe
1668	Unicorn-12118.exe
1380	Unicorn-16734.exe
1504	Unicorn-54429.exe
3052	Unicorn-37595.exe
1652	Unicorn-59146.exe
2708	Unicorn-30112.exe
2240	Unicorn-12550.exe
2428	Unicorn-57112.exe
2508	Unicorn-32416.exe
2844	Unicorn-27926.exe
2636	Unicorn-821.exe
2888	Unicorn-39816.exe
2672	Unicorn-46083.exe
2812	Unicorn-6012.exe
2684	Unicorn-5634.exe
2216	Unicorn-31093.exe
2076	Unicorn-56483.exe
1684	Unicorn-54829.exe
2220	Unicorn-38036.exe
2136	Unicorn-45052.exe
2008	Unicorn-7548.exe
2976	Unicorn-24077.exe
1808	Unicorn-5244.exe
1992	Unicorn-57818.exe
3024	Unicorn-41098.exe
928	Unicorn-12488.exe
2200	Unicorn-10271.exe
1016	Unicorn-26223.exe
2464	Unicorn-1793.exe
2108	Unicorn-58430.exe
2444	Unicorn-6628.exe
2312	Unicorn-58430.exe
668	Unicorn-12758.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 1760	2152	90166acaf0942f1e097d5e946db0c990N.exe	29
PID 2152 wrote to memory of 1760	2152	90166acaf0942f1e097d5e946db0c990N.exe	29
PID 2152 wrote to memory of 1760	2152	90166acaf0942f1e097d5e946db0c990N.exe	29
PID 2152 wrote to memory of 1760	2152	90166acaf0942f1e097d5e946db0c990N.exe	29
PID 1760 wrote to memory of 1688	1760	Unicorn-34499.exe	30
PID 1760 wrote to memory of 1688	1760	Unicorn-34499.exe	30
PID 1760 wrote to memory of 1688	1760	Unicorn-34499.exe	30
PID 1760 wrote to memory of 1688	1760	Unicorn-34499.exe	30
PID 2152 wrote to memory of 1724	2152	90166acaf0942f1e097d5e946db0c990N.exe	31
PID 2152 wrote to memory of 1724	2152	90166acaf0942f1e097d5e946db0c990N.exe	31
PID 2152 wrote to memory of 1724	2152	90166acaf0942f1e097d5e946db0c990N.exe	31
PID 2152 wrote to memory of 1724	2152	90166acaf0942f1e097d5e946db0c990N.exe	31
PID 1724 wrote to memory of 2832	1724	Unicorn-274.exe	32
PID 1724 wrote to memory of 2832	1724	Unicorn-274.exe	32
PID 1724 wrote to memory of 2832	1724	Unicorn-274.exe	32
PID 1724 wrote to memory of 2832	1724	Unicorn-274.exe	32
PID 2152 wrote to memory of 2760	2152	90166acaf0942f1e097d5e946db0c990N.exe	33
PID 2152 wrote to memory of 2760	2152	90166acaf0942f1e097d5e946db0c990N.exe	33
PID 2152 wrote to memory of 2760	2152	90166acaf0942f1e097d5e946db0c990N.exe	33
PID 2152 wrote to memory of 2760	2152	90166acaf0942f1e097d5e946db0c990N.exe	33
PID 1688 wrote to memory of 3004	1688	Unicorn-52812.exe	34
PID 1688 wrote to memory of 3004	1688	Unicorn-52812.exe	34
PID 1688 wrote to memory of 3004	1688	Unicorn-52812.exe	34
PID 1688 wrote to memory of 3004	1688	Unicorn-52812.exe	34
PID 1760 wrote to memory of 2968	1760	Unicorn-34499.exe	35
PID 1760 wrote to memory of 2968	1760	Unicorn-34499.exe	35
PID 1760 wrote to memory of 2968	1760	Unicorn-34499.exe	35
PID 1760 wrote to memory of 2968	1760	Unicorn-34499.exe	35
PID 2832 wrote to memory of 2640	2832	Unicorn-28713.exe	36
PID 2832 wrote to memory of 2640	2832	Unicorn-28713.exe	36
PID 2832 wrote to memory of 2640	2832	Unicorn-28713.exe	36
PID 2832 wrote to memory of 2640	2832	Unicorn-28713.exe	36
PID 1724 wrote to memory of 1228	1724	Unicorn-274.exe	37
PID 1724 wrote to memory of 1228	1724	Unicorn-274.exe	37
PID 1724 wrote to memory of 1228	1724	Unicorn-274.exe	37
PID 1724 wrote to memory of 1228	1724	Unicorn-274.exe	37
PID 2968 wrote to memory of 976	2968	Unicorn-2983.exe	38
PID 2968 wrote to memory of 976	2968	Unicorn-2983.exe	38
PID 2968 wrote to memory of 976	2968	Unicorn-2983.exe	38
PID 2968 wrote to memory of 976	2968	Unicorn-2983.exe	38
PID 3004 wrote to memory of 1364	3004	Unicorn-61769.exe	39
PID 3004 wrote to memory of 1364	3004	Unicorn-61769.exe	39
PID 3004 wrote to memory of 1364	3004	Unicorn-61769.exe	39
PID 3004 wrote to memory of 1364	3004	Unicorn-61769.exe	39
PID 2760 wrote to memory of 1732	2760	Unicorn-30942.exe	40
PID 2760 wrote to memory of 1732	2760	Unicorn-30942.exe	40
PID 2760 wrote to memory of 1732	2760	Unicorn-30942.exe	40
PID 2760 wrote to memory of 1732	2760	Unicorn-30942.exe	40
PID 1760 wrote to memory of 1116	1760	Unicorn-34499.exe	41
PID 1760 wrote to memory of 1116	1760	Unicorn-34499.exe	41
PID 1760 wrote to memory of 1116	1760	Unicorn-34499.exe	41
PID 1760 wrote to memory of 1116	1760	Unicorn-34499.exe	41
PID 2152 wrote to memory of 2616	2152	90166acaf0942f1e097d5e946db0c990N.exe	42
PID 2152 wrote to memory of 2616	2152	90166acaf0942f1e097d5e946db0c990N.exe	42
PID 2152 wrote to memory of 2616	2152	90166acaf0942f1e097d5e946db0c990N.exe	42
PID 2152 wrote to memory of 2616	2152	90166acaf0942f1e097d5e946db0c990N.exe	42
PID 1688 wrote to memory of 2056	1688	Unicorn-52812.exe	43
PID 1688 wrote to memory of 2056	1688	Unicorn-52812.exe	43
PID 1688 wrote to memory of 2056	1688	Unicorn-52812.exe	43
PID 1688 wrote to memory of 2056	1688	Unicorn-52812.exe	43
PID 2640 wrote to memory of 1568	2640	Unicorn-44826.exe	44
PID 2640 wrote to memory of 1568	2640	Unicorn-44826.exe	44
PID 2640 wrote to memory of 1568	2640	Unicorn-44826.exe	44
PID 2640 wrote to memory of 1568	2640	Unicorn-44826.exe	44

C:\Users\Admin\AppData\Local\Temp\90166acaf0942f1e097d5e946db0c990N.exe
"C:\Users\Admin\AppData\Local\Temp\90166acaf0942f1e097d5e946db0c990N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57112.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
        7⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        7⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        6⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9181.exe
        6⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
        6⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        6⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31303.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15903.exe
        7⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
        6⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45418.exe
        6⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
        6⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56483.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        6⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
        6⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        6⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
        6⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
        5⤵
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
        5⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
        5⤵
        
        PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51881.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        7⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65052.exe
        6⤵
        
        PID:428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
        6⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        6⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12488.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
        6⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
        6⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe
        5⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51283.exe
        5⤵
        
        PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        5⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        5⤵
        
        PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64938.exe
        6⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
        6⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
        6⤵
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
        6⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        5⤵
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        5⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
        5⤵
        
        PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        5⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        5⤵
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3727.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
        5⤵
        
        PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
      4⤵
      PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
      4⤵
      PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10889.exe
      4⤵
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
      4⤵
      PID:4876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26655.exe
        6⤵
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        6⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
        6⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
        7⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
        7⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        6⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
        6⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2952.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
        5⤵
        
        PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15103.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52245.exe
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe
        7⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
        7⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64879.exe
        6⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
        6⤵
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28101.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
        6⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        5⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
        5⤵
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
        5⤵
        
        PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10271.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
        5⤵
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        5⤵
        
        PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2094.exe
      4⤵
      PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
      4⤵
      PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
      4⤵
      PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
      4⤵
      PID:4712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37595.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        6⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        6⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        5⤵
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50252.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18483.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        6⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31303.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        6⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        5⤵
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44720.exe
        5⤵
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
        5⤵
        
        PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11605.exe
      4⤵
      PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
      4⤵
      PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
      4⤵
      PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20581.exe
      4⤵
      PID:1556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28509.exe
        5⤵
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64879.exe
        5⤵
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28101.exe
        5⤵
        
        PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40547.exe
      4⤵
      PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
      4⤵
      PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
      4⤵
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
      4⤵
      PID:4592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
      4⤵
      PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
      4⤵
      PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
      4⤵
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31303.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
      4⤵
      PID:4532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
    3⤵
    PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17632.exe
    3⤵
    PID:2316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61839.exe
    3⤵
    PID:3628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
    3⤵
    PID:4948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        7⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        7⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        7⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63661.exe
        6⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29068.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        6⤵
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54429.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1793.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        7⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        6⤵
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
        6⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        6⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13890.exe
        6⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
        5⤵
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31704.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11101.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17748.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61123.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        6⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1736.exe
        6⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        5⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26063.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32265.exe
        5⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1713.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        5⤵
        
        PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30154.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-516.exe
      4⤵
      PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
      4⤵
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1637.exe
      4⤵
      PID:892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
      4⤵
      PID:4248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60049.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42494.exe
        6⤵
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        6⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        6⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
        5⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29068.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
        5⤵
        
        PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16646.exe
        5⤵
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        5⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        5⤵
        
        PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19627.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        5⤵
        
        PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36364.exe
      4⤵
      PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
      4⤵
      PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
      4⤵
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
      4⤵
      PID:4944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
        5⤵
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        5⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
      4⤵
      PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
      4⤵
      PID:4616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
    3⤵
    - Executes dropped EXE
    PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
      4⤵
      PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
      4⤵
      PID:864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8626.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
      4⤵
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
      4⤵
      PID:4732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48066.exe
    3⤵
    PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19209.exe
    3⤵
    PID:3992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
    3⤵
    PID:3364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
    3⤵
    PID:4516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
    3⤵
    PID:4392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30942.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30942.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        5⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31816.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47142.exe
        5⤵
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        5⤵
        
        PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
        5⤵
        
        PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
      4⤵
      PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
      4⤵
      PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30606.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
      4⤵
      PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32416.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        5⤵
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1427.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        6⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
        5⤵
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
        5⤵
        
        PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1984.exe
      4⤵
      PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
      4⤵
      PID:268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
      4⤵
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23465.exe
      4⤵
      PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
      4⤵
      PID:4452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
      4⤵
      PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
      4⤵
      PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
      4⤵
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
      4⤵
      PID:4816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
    3⤵
    PID:2044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
    3⤵
    PID:2260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
    3⤵
    PID:3984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
    3⤵
    PID:3356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
    3⤵
    PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20581.exe
    3⤵
    PID:4524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35161.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30112.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        5⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31303.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
        5⤵
        
        PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
      4⤵
      PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
      4⤵
      PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
      4⤵
      PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
      4⤵
      PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
      4⤵
      PID:4576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25720.exe
    3⤵
    PID:1720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
    3⤵
    PID:1864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
    3⤵
    PID:3172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4370.exe
    3⤵
    PID:5080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
      4⤵
      PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
      4⤵
      PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
      4⤵
      PID:4884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45418.exe
    3⤵
    PID:1592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
    3⤵
    PID:4004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
    3⤵
    PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
    3⤵
    PID:4764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
    3⤵
    PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
      4⤵
      PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6839.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
      4⤵
      PID:4400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
    3⤵
    PID:2424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
    3⤵
    PID:3176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
    3⤵
    PID:3772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
    3⤵
    PID:4696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
  2⤵
  PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24341.exe
    3⤵
    PID:1092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
    3⤵
    PID:4564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42480.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42480.exe
  2⤵
  PID:2952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2681.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2681.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
  2⤵
  PID:3776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
  2⤵
  PID:3636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exe

Filesize
468KB

MD5
e664669be3d4fe1fb120e60e7369566f

SHA1
8309952b53d1cf9ba61c68e850e27a2ab45a44fb

SHA256
838802e2c20d69c82e7935f14590ab77de1561b3c5655e380b7f71e8968b25b2

SHA512
ccd163c0070f4c0d79c8278fe1a323ca9a661a50f7521ddd83f108f54a7e4bd589f8f46cc1c78be5323f05b35576019b14956ec73dc6fbfaebaee9b16c3244cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe

Filesize
468KB

MD5
ddc2bc2c7b4d2b688e8afec45bded1fc

SHA1
40ee3edb42e27c87a5d95b34bccc318a7fabdad0

SHA256
994ab7516be6394e325ea8a0b4858bcea384b2f723437c6b2ec8775814fc86a5

SHA512
3e8144e9234462d2051e3cd74337fbe097cf5f184efc26d3a53a3475c1c94b977cc3874a121e06b69eed5d423afab63ebcd62da1788d8956b4cecbb272c49de7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe

Filesize
468KB

MD5
71ba5644cddde638d46e7f8e242ca8f1

SHA1
9d93628533e6699a48ec0c5f2e1dde1a317cc93d

SHA256
d6e0d242ed14530cf847f6e87184792beaedb0a2e82c5ca37b2d3274d76744cd

SHA512
f2cabdebebca92425e90bb2c6fc26c3d628e9bea80f449e7c8dcbb6803f275a4abef818cd7921c7b1b6127ed4f0e9bef31d0cba9890aa4f1f1d871bf409d2a5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe

Filesize
468KB

MD5
feba5095433340bf23247b1f7d543d6d

SHA1
89f8c86bfec44b87b8654b061bfe29aea54e6b31

SHA256
71cadbcbf3f59efd3d6353ed6e181ebaaceca4565c3188416c11af006a701d4f

SHA512
09fd2981c1e445af14cec38826dd895901499f1d188349ad982fbe582dc2f84b7ffeac304ba0bd6f52032c31b7af8f0deb8d432b897c150baf2ed9a88c5dc3e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe

Filesize
468KB

MD5
8a676b6694739d9c7ab7460a09fc901b

SHA1
a1ffddeafe941e04e14ec2a2be860f616a063148

SHA256
6d1cfd67d3229071b4f0cb597bd160605f118a0bd6cc233d79b47c134984ecc9

SHA512
a374b396e7db7346dcacbd6b6092e819930de9552cfc87ef30ed918f028b5fd9d47b2e94a7ebeb0528dabb03f547330be155056feca29f0c17f7535eccaff725

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe

Filesize
468KB

MD5
98b9e76f3bd69242000acd2e6d122151

SHA1
6a39a775181a5962269096f70da4492a583244c7

SHA256
065460798c4f49249b51fd4dca1536bef4da75c4e444ed3393157326bb10b760

SHA512
2aca12a2c13ac3dfdfb1908fa259001f18783eb220eb9af408756c78f703810fe4c5aa7de09575cc939f72e88f345c26a848f108261d363c397efa74ab7b2f3a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe

Filesize
468KB

MD5
c31d5a9a541128c6523cd9c1e32a4b46

SHA1
c851ab1baae16502711fac3c052f2a3fe3235a45

SHA256
9ff26d94690903884cc827fd4b145c869c615af0fa3a5e84b896245b62d546b1

SHA512
65fdf663ca9a0c8439ebed4cc5c6834d6bd27ac5afd34f4c5a3874a8f97489000c1963789b15ac6d5545cf75679cf5f3cf0c206fefc8b973a68088ee6f1bce8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe

Filesize
468KB

MD5
afe2392af208360edc39c0b7fe707acf

SHA1
fecb95fa2d0478f8cecdf58cd8faa3bdb4c3a528

SHA256
13a2e45f8e6306b1bf954ead30886a751a84355bf810aa959298017cdb12e1dc

SHA512
f0f58e6d0e1d6df1272532b0ecb5dc09c901935682aaa3f664cfbcd0d5cc40771714b319bda64919a925125a9667994febd679726d1d4614785ab23d1bf599ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-274.exe

Filesize
468KB

MD5
c4f1226f1abf8834c0475227437addfc

SHA1
90f072510e9b2e84a4d68c39c0f5591aa66be77e

SHA256
67abb08965b95c653116f33dd2a97200aad6089acc9b6a671bd8b0d35f7a1a0c

SHA512
8f114654386636bffb3dbd10fafa0c1002314424e210a5ecf74d3226cf0b939e08ce14faa7bb8dedacf2d4e253c1b485cef5705b4111e9e2abe5fbe8301a6f2a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe

Filesize
468KB

MD5
e5c5ffb4c33d63c8677f3836f3ff19f5

SHA1
8d0b36700dc656c4209716a836ba8aa7d2e1b0c3

SHA256
8ff649dc51ebe575766ed7a4e3c940888db7b6cd25cb5786e3dea8f906439b5c

SHA512
9377c08bcfa29f583be17fa9036d27c7561c33fa67cf93a0c7834654bf703aecc4a11cc76c3e43e0d2889f860ac421796dcf0e47b1f584e0de36631255354063

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe

Filesize
468KB

MD5
20da15e3029ec38ebb0d4f22ac87aa50

SHA1
415f8c86eb4e67fd57a2c9eec7b16eae3e48dda9

SHA256
bad7e71f341e346a2f3e6b3874800fd607db6a569b8a219c608df3663430efbd

SHA512
f59a4fb09a6071184c303510b48f0f8656a9ca39e3242a17462eb87dec97438a830e3e70dbb5142f997af200d2d347ebb21a4de094e9944fbf917ca354f0a5e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe

Filesize
468KB

MD5
79088de4d4a078a6269d33eb316c23fa

SHA1
6177a143c0e8c6e613ff7d67e8c9f8495cfb1f10

SHA256
876456a452ec1835b1a2556039db5c92b2ef131daf00b5a8e762b88b53012b95

SHA512
849ddc272ef9846363decc4a468c89713135ccfeeffda962ed05590722a702c1f3648ddc61a68fcc87a31ac316b0ee072ac6a04ac354fd23699a3e7eab6640ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30942.exe

Filesize
468KB

MD5
4ff97358ac3631b45c8311cbed2ee18d

SHA1
5a04f7507976df1aa4a8d690b26c49ad001934dd

SHA256
e918ba5baca970edbc3b9f2cbc11d58c67f7d540e1df7d587a41a78e68cbc532

SHA512
02c826244fd33da7c73e29d16cb32e2c6d00d73f1f4583a1b52cac038b1ec9abe1008b8acc579d96479cb0214185bb9eb9c86dec65d05fb83a381b84efe06f4f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe

Filesize
468KB

MD5
95353dd00b4a4cf75cdb2ed14b3b2dec

SHA1
50bcd518f22479b9e36811d6ee2082313e5f275b

SHA256
0da465631db07e752a0327934e710a715e430532cf8ff5e416920cfc0552b65f

SHA512
ee46d4bae8871b1857783eda7a8a3d9ef2e4f8cfd30c952bc7156361b890a0e86c7e97caf4056accdf40be54c4955a9356d1261967ee704c1ac7ee6ab3cd5c0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe

Filesize
468KB

MD5
7b5e61e4970260d6a4ee7a40f8c3521a

SHA1
563b55150d55cf7d487ab147fd4ec166c2610b8c

SHA256
a274a707117bda28ffd5c1791fb400504b8fe04de4d457e41cf683e347e29ff9

SHA512
be09fa24e2d6e374ed7a2771be4a7266f673893435e0512af738effe8e5b8114ddc938687b918902c84713f95b2de94afcd63b67b9d18b67d3721d234c5bea93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe

Filesize
468KB

MD5
8d46248e73a09c1e91349b97b580c6b8

SHA1
06b0cf6fc48035ae48951456bc5792bbd9ee6729

SHA256
4a59e133ac20730798502bb9f1035a3f44b478bbf313e6d2aa3bdcfe1ff9bdc0

SHA512
ffdc1f2e9b0f89e91bccd4d96f10a9a374849ceada2a42968165af3f5d5f2408684161477a59048ac3390ab7e1208809a5939e8afe8f8810441eb982dfed7669

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe

Filesize
468KB

MD5
df886cd20387a000098f220e7145cbc0

SHA1
ee3ce4ce4067313a1bad7d053b210226fdcc4b2b

SHA256
d0a45675914872b0dbc7c2337a4885998895fb5d91325bd3ca60deee8b6e22b5

SHA512
ce3b97e277b8a4c7e8b6b4b27f1e62c68446e6c813477e0b695b1f9e5c57f383d1828acdc43946f317db4f54562618c719389f18ab8c5fd32ad3cceacc5a462f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61123.exe

Filesize
468KB

MD5
905133b8b376415d0d4457e1ee85c281

SHA1
23d0f00131813604162c3d55a441057c9ab68288

SHA256
e8e31e3afa56ef472149af87f92221324a5fe9fb94428b1abffdc74953d7e4d3

SHA512
27a88ce2a112ffe8835d42b053c9fe25a25b4a13e7d96f0117e18997a43096d45c564d0d8a972f3756ef2049ac36e91daadc271318b8230450793bc84df76356

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe

Filesize
468KB

MD5
8f832327fb21847b556e97562817bbca

SHA1
ac9dcd2ce42a92796d9bea025364527107f844e8

SHA256
aa94a03627a46705ed39e1c9b01ae620eafa3fbec827797fac58f6a58023c073

SHA512
8baa41a9d3a57b03f040431a7e228ee8f07b73ebc8e5dab0de6dffc93cd0024e1fea37726e11fed0b05b6b758baf56943893aeef355e836936942a0519d09f45

Download Submit