6c5ddc2fd86d3686e4a46e63bb9d40f1f0aaf6c429934b3e354d566767a7c8a2

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 22:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

da86b0ee11f17d1f1ec83cab37960340N.exe
Size

468KB
MD5

da86b0ee11f17d1f1ec83cab37960340
SHA1

67fa6363059fcacde89d4dba99e7897c0cdc5c8f
SHA256

6c5ddc2fd86d3686e4a46e63bb9d40f1f0aaf6c429934b3e354d566767a7c8a2
SHA512

68355bdb384f5d162d6547e5b41dd066bcef5d762dbc3d31b64440b7f96b186211cee80057a05c9e7dc70567a3ad76f3895301aeee38d6b4a9f8aaf6748c00b6
SSDEEP

3072:4MevogI/IU57tbYEPzmjbfD/ECLHwIp9QmHeMVY678CLRPdusgl6:4M+oKc7t7Pqjbfy0ko78Exdus

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2948	Unicorn-56020.exe
2756	Unicorn-33545.exe
2884	Unicorn-5511.exe
2992	Unicorn-21340.exe
2788	Unicorn-12979.exe
2684	Unicorn-41660.exe
2708	Unicorn-36860.exe
2632	Unicorn-28029.exe
284	Unicorn-24499.exe
2192	Unicorn-19669.exe
1328	Unicorn-65361.exe
1576	Unicorn-26202.exe
1680	Unicorn-34726.exe
1064	Unicorn-6601.exe
2840	Unicorn-53109.exe
1760	Unicorn-61853.exe
1664	Unicorn-56378.exe
2124	Unicorn-37733.exe
2496	Unicorn-62237.exe
1944	Unicorn-13591.exe
1940	Unicorn-1753.exe
2516	Unicorn-13036.exe
2160	Unicorn-53883.exe
2608	Unicorn-42393.exe
1472	Unicorn-19320.exe
2000	Unicorn-291.exe
1308	Unicorn-63425.exe
960	Unicorn-28880.exe
2524	Unicorn-19128.exe
2360	Unicorn-38994.exe
2436	Unicorn-31493.exe
1120	Unicorn-46176.exe
2212	Unicorn-36424.exe
2604	Unicorn-9227.exe
756	Unicorn-9127.exe
3064	Unicorn-17204.exe
3004	Unicorn-42454.exe
2904	Unicorn-27510.exe
2916	Unicorn-6274.exe
2332	Unicorn-36254.exe
2764	Unicorn-14250.exe
3068	Unicorn-52398.exe
2680	Unicorn-11172.exe
884	Unicorn-13010.exe
2688	Unicorn-13285.exe
2492	Unicorn-13550.exe
2512	Unicorn-13550.exe
2152	Unicorn-62651.exe
1256	Unicorn-17443.exe
2748	Unicorn-16051.exe
2356	Unicorn-30249.exe
1788	Unicorn-17561.exe
848	Unicorn-17827.exe
1448	Unicorn-30633.exe
2060	Unicorn-30655.exe
1840	Unicorn-24524.exe
2268	Unicorn-30655.exe
2344	Unicorn-43461.exe
1044	Unicorn-7904.exe
788	Unicorn-21479.exe
1100	Unicorn-21479.exe
2440	Unicorn-55543.exe
2004	Unicorn-20541.exe
1648	Unicorn-47930.exe

Loads dropped DLL 64 IoCs

pid	Process
1320	da86b0ee11f17d1f1ec83cab37960340N.exe
1320	da86b0ee11f17d1f1ec83cab37960340N.exe
2948	Unicorn-56020.exe
1320	da86b0ee11f17d1f1ec83cab37960340N.exe
2948	Unicorn-56020.exe
1320	da86b0ee11f17d1f1ec83cab37960340N.exe
2884	Unicorn-5511.exe
2884	Unicorn-5511.exe
1320	da86b0ee11f17d1f1ec83cab37960340N.exe
2756	Unicorn-33545.exe
2756	Unicorn-33545.exe
1320	da86b0ee11f17d1f1ec83cab37960340N.exe
2948	Unicorn-56020.exe
2948	Unicorn-56020.exe
2992	Unicorn-21340.exe
2992	Unicorn-21340.exe
2884	Unicorn-5511.exe
2884	Unicorn-5511.exe
2684	Unicorn-41660.exe
2684	Unicorn-41660.exe
2788	Unicorn-12979.exe
2788	Unicorn-12979.exe
1320	da86b0ee11f17d1f1ec83cab37960340N.exe
1320	da86b0ee11f17d1f1ec83cab37960340N.exe
2756	Unicorn-33545.exe
2948	Unicorn-56020.exe
2756	Unicorn-33545.exe
2948	Unicorn-56020.exe
2708	Unicorn-36860.exe
2708	Unicorn-36860.exe
2632	Unicorn-28029.exe
2632	Unicorn-28029.exe
2992	Unicorn-21340.exe
2992	Unicorn-21340.exe
2192	Unicorn-19669.exe
2192	Unicorn-19669.exe
284	Unicorn-24499.exe
284	Unicorn-24499.exe
2684	Unicorn-41660.exe
2684	Unicorn-41660.exe
2884	Unicorn-5511.exe
2884	Unicorn-5511.exe
1576	Unicorn-26202.exe
1576	Unicorn-26202.exe
1320	da86b0ee11f17d1f1ec83cab37960340N.exe
1320	da86b0ee11f17d1f1ec83cab37960340N.exe
1328	Unicorn-65361.exe
1328	Unicorn-65361.exe
2788	Unicorn-12979.exe
2788	Unicorn-12979.exe
1680	Unicorn-34726.exe
1680	Unicorn-34726.exe
2948	Unicorn-56020.exe
2948	Unicorn-56020.exe
2840	Unicorn-53109.exe
2840	Unicorn-53109.exe
2708	Unicorn-36860.exe
2708	Unicorn-36860.exe
1064	Unicorn-6601.exe
1064	Unicorn-6601.exe
2756	Unicorn-33545.exe
2756	Unicorn-33545.exe
1760	Unicorn-61853.exe
1760	Unicorn-61853.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53578.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1320	da86b0ee11f17d1f1ec83cab37960340N.exe
2948	Unicorn-56020.exe
2884	Unicorn-5511.exe
2756	Unicorn-33545.exe
2992	Unicorn-21340.exe
2788	Unicorn-12979.exe
2684	Unicorn-41660.exe
2708	Unicorn-36860.exe
2632	Unicorn-28029.exe
284	Unicorn-24499.exe
2192	Unicorn-19669.exe
1328	Unicorn-65361.exe
1576	Unicorn-26202.exe
1680	Unicorn-34726.exe
1064	Unicorn-6601.exe
2840	Unicorn-53109.exe
1760	Unicorn-61853.exe
1664	Unicorn-56378.exe
2124	Unicorn-37733.exe
2496	Unicorn-62237.exe
1940	Unicorn-1753.exe
2516	Unicorn-13036.exe
1944	Unicorn-13591.exe
2160	Unicorn-53883.exe
2608	Unicorn-42393.exe
2000	Unicorn-291.exe
1472	Unicorn-19320.exe
960	Unicorn-28880.exe
1308	Unicorn-63425.exe
2360	Unicorn-38994.exe
2524	Unicorn-19128.exe
2436	Unicorn-31493.exe
1120	Unicorn-46176.exe
2212	Unicorn-36424.exe
2604	Unicorn-9227.exe
756	Unicorn-9127.exe
3064	Unicorn-17204.exe
2904	Unicorn-27510.exe
3004	Unicorn-42454.exe
2916	Unicorn-6274.exe
2332	Unicorn-36254.exe
2764	Unicorn-14250.exe
3068	Unicorn-52398.exe
2680	Unicorn-11172.exe
884	Unicorn-13010.exe
2492	Unicorn-13550.exe
2688	Unicorn-13285.exe
2512	Unicorn-13550.exe
2152	Unicorn-62651.exe
1256	Unicorn-17443.exe
2748	Unicorn-16051.exe
2356	Unicorn-30249.exe
1788	Unicorn-17561.exe
848	Unicorn-17827.exe
2344	Unicorn-43461.exe
2060	Unicorn-30655.exe
1448	Unicorn-30633.exe
1840	Unicorn-24524.exe
1044	Unicorn-7904.exe
2268	Unicorn-30655.exe
788	Unicorn-21479.exe
1100	Unicorn-21479.exe
2440	Unicorn-55543.exe
2004	Unicorn-20541.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 2948	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	29
PID 1320 wrote to memory of 2948	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	29
PID 1320 wrote to memory of 2948	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	29
PID 1320 wrote to memory of 2948	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	29
PID 2948 wrote to memory of 2756	2948	Unicorn-56020.exe	30
PID 1320 wrote to memory of 2884	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	31
PID 1320 wrote to memory of 2884	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	31
PID 2948 wrote to memory of 2756	2948	Unicorn-56020.exe	30
PID 1320 wrote to memory of 2884	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	31
PID 2948 wrote to memory of 2756	2948	Unicorn-56020.exe	30
PID 1320 wrote to memory of 2884	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	31
PID 2948 wrote to memory of 2756	2948	Unicorn-56020.exe	30
PID 2884 wrote to memory of 2992	2884	Unicorn-5511.exe	32
PID 2884 wrote to memory of 2992	2884	Unicorn-5511.exe	32
PID 2884 wrote to memory of 2992	2884	Unicorn-5511.exe	32
PID 2884 wrote to memory of 2992	2884	Unicorn-5511.exe	32
PID 2756 wrote to memory of 2788	2756	Unicorn-33545.exe	34
PID 2756 wrote to memory of 2788	2756	Unicorn-33545.exe	34
PID 2756 wrote to memory of 2788	2756	Unicorn-33545.exe	34
PID 2756 wrote to memory of 2788	2756	Unicorn-33545.exe	34
PID 1320 wrote to memory of 2684	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	33
PID 1320 wrote to memory of 2684	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	33
PID 1320 wrote to memory of 2684	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	33
PID 1320 wrote to memory of 2684	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	33
PID 2948 wrote to memory of 2708	2948	Unicorn-56020.exe	35
PID 2948 wrote to memory of 2708	2948	Unicorn-56020.exe	35
PID 2948 wrote to memory of 2708	2948	Unicorn-56020.exe	35
PID 2948 wrote to memory of 2708	2948	Unicorn-56020.exe	35
PID 2992 wrote to memory of 2632	2992	Unicorn-21340.exe	36
PID 2992 wrote to memory of 2632	2992	Unicorn-21340.exe	36
PID 2992 wrote to memory of 2632	2992	Unicorn-21340.exe	36
PID 2992 wrote to memory of 2632	2992	Unicorn-21340.exe	36
PID 2884 wrote to memory of 284	2884	Unicorn-5511.exe	37
PID 2884 wrote to memory of 284	2884	Unicorn-5511.exe	37
PID 2884 wrote to memory of 284	2884	Unicorn-5511.exe	37
PID 2884 wrote to memory of 284	2884	Unicorn-5511.exe	37
PID 2684 wrote to memory of 2192	2684	Unicorn-41660.exe	38
PID 2684 wrote to memory of 2192	2684	Unicorn-41660.exe	38
PID 2684 wrote to memory of 2192	2684	Unicorn-41660.exe	38
PID 2684 wrote to memory of 2192	2684	Unicorn-41660.exe	38
PID 2788 wrote to memory of 1328	2788	Unicorn-12979.exe	39
PID 2788 wrote to memory of 1328	2788	Unicorn-12979.exe	39
PID 2788 wrote to memory of 1328	2788	Unicorn-12979.exe	39
PID 2788 wrote to memory of 1328	2788	Unicorn-12979.exe	39
PID 1320 wrote to memory of 1576	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	40
PID 1320 wrote to memory of 1576	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	40
PID 1320 wrote to memory of 1576	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	40
PID 1320 wrote to memory of 1576	1320	da86b0ee11f17d1f1ec83cab37960340N.exe	40
PID 2756 wrote to memory of 1064	2756	Unicorn-33545.exe	41
PID 2756 wrote to memory of 1064	2756	Unicorn-33545.exe	41
PID 2756 wrote to memory of 1064	2756	Unicorn-33545.exe	41
PID 2756 wrote to memory of 1064	2756	Unicorn-33545.exe	41
PID 2948 wrote to memory of 1680	2948	Unicorn-56020.exe	42
PID 2948 wrote to memory of 1680	2948	Unicorn-56020.exe	42
PID 2948 wrote to memory of 1680	2948	Unicorn-56020.exe	42
PID 2948 wrote to memory of 1680	2948	Unicorn-56020.exe	42
PID 2708 wrote to memory of 2840	2708	Unicorn-36860.exe	43
PID 2708 wrote to memory of 2840	2708	Unicorn-36860.exe	43
PID 2708 wrote to memory of 2840	2708	Unicorn-36860.exe	43
PID 2708 wrote to memory of 2840	2708	Unicorn-36860.exe	43
PID 2632 wrote to memory of 1760	2632	Unicorn-28029.exe	44
PID 2632 wrote to memory of 1760	2632	Unicorn-28029.exe	44
PID 2632 wrote to memory of 1760	2632	Unicorn-28029.exe	44
PID 2632 wrote to memory of 1760	2632	Unicorn-28029.exe	44

C:\Users\Admin\AppData\Local\Temp\da86b0ee11f17d1f1ec83cab37960340N.exe
"C:\Users\Admin\AppData\Local\Temp\da86b0ee11f17d1f1ec83cab37960340N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12979.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20383.exe
        7⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        7⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14250.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30655.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4754.exe
        7⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10382.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe
        7⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51594.exe
        7⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        7⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        6⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        6⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44993.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        7⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
        6⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13305.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
        6⤵
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        5⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50250.exe
        6⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        5⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18071.exe
        6⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41813.exe
        5⤵
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        5⤵
        
        PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30655.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        7⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        7⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4754.exe
        6⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2196.exe
        7⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        7⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2288.exe
        6⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45193.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
        6⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43461.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        6⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55543.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9414.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        6⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47930.exe
        5⤵
        Executes dropped EXE
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50368.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        6⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10599.exe
        6⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
        5⤵
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        5⤵
        
        PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13285.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-917.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50725.exe
        5⤵
        
        PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46177.exe
      4⤵
      PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
      4⤵
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59725.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1189.exe
      4⤵
      PID:4264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53109.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28880.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45193.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        6⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36543.exe
        6⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62044.exe
        5⤵
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58614.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        5⤵
        
        PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19128.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42798.exe
        5⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        6⤵
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        6⤵
        
        PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        6⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        6⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29729.exe
        5⤵
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        5⤵
        
        PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
      4⤵
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        5⤵
        
        PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        5⤵
        
        PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
      4⤵
      PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
        6⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe
        6⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        5⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        5⤵
        
        PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30249.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        5⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
      4⤵
      PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
      4⤵
      PID:4520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
      4⤵
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        5⤵
        
        PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
      4⤵
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32495.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
      4⤵
      PID:4328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64376.exe
    3⤵
    PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33253.exe
    3⤵
    PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30226.exe
    3⤵
    PID:3988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61853.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
        7⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39328.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
        8⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58099.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4478.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        6⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28076.exe
        7⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        7⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        7⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
        6⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36424.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24620.exe
        6⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43412.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        6⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
        5⤵
        
        PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49985.exe
        5⤵
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        5⤵
        
        PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49630.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
        6⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39045.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe
        6⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32252.exe
        5⤵
        
        PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        5⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62890.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1461.exe
        5⤵
        
        PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        5⤵
        
        PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        5⤵
        
        PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21401.exe
      4⤵
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24620.exe
        5⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18440.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6241.exe
        5⤵
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
      4⤵
      PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52574.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
      4⤵
      PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62237.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27510.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        7⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        6⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        6⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        5⤵
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35484.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6274.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10893.exe
        5⤵
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
        5⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8318.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17996.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44329.exe
        5⤵
        
        PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
      4⤵
      PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
      4⤵
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58900.exe
      4⤵
      PID:3872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
      4⤵
      PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
      4⤵
      PID:4776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17561.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
      4⤵
      PID:664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62091.exe
      4⤵
      PID:4976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
    3⤵
    PID:948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
    3⤵
    PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2247.exe
    3⤵
    PID:3088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
    3⤵
    PID:4688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5626.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
        6⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        6⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        6⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        6⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        5⤵
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        5⤵
        
        PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
        5⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        5⤵
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26771.exe
        5⤵
        
        PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
      4⤵
      PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
      4⤵
      PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
      4⤵
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
      4⤵
      PID:4236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
      4⤵
      PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
      4⤵
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
      4⤵
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
      4⤵
      PID:4112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
      4⤵
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe
      4⤵
      PID:4848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59502.exe
    3⤵
    PID:1972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
    3⤵
    PID:3948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37302.exe
    3⤵
    PID:4612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13036.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19249.exe
        5⤵
        
        PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        5⤵
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
      4⤵
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40826.exe
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
      4⤵
      PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
      4⤵
      PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
      4⤵
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
      4⤵
      PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
    3⤵
    PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61985.exe
    3⤵
    PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
    3⤵
    PID:4788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52398.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
      4⤵
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
      4⤵
      PID:3572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
    3⤵
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59153.exe
      4⤵
      PID:4152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47327.exe
    3⤵
    PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
    3⤵
    PID:4180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17303.exe
    3⤵
    PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
    3⤵
    PID:3516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe
    3⤵
    PID:5016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
  2⤵
  PID:1672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
  2⤵
  PID:2964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
  2⤵
  PID:2732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe
  2⤵
  PID:3972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12979.exe

Filesize
468KB

MD5
2a1493077f9fb2a9f97ff55a6d0433bb

SHA1
d0df14a54122f3c5a64bc2c26c632b000cac025a

SHA256
960fe497e4df1f79f3e412a5dc37a86d6eca6951549d4925b3a09433c1144552

SHA512
302ab40f283051b9dae5da2f6d2a1a1a6c58d27092c2d3d45f8e183561b8bd71f7abab11372057aec044221318a9fa4598c878749eabbea61f12b2fcc6403d1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe

Filesize
468KB

MD5
2eb156adaaad90dddf2c032bf956b25c

SHA1
d23e696554cb0d49f708921996878c5757ecf357

SHA256
de8dfcbbf7d86398dcdb8a6afcb8440977573ee5499d0aef916d8a78578f49c8

SHA512
567cb4ff21100a06f8d7cb958ea778ef87d2e98e9b046beccbb08a1e18788ae37ff30946fb460d096e2c63d82ed6cfc605ca665d39cbb5064f2ad8abc7c7b530

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe

Filesize
468KB

MD5
e7bda8adcf37b16567609606c6314c22

SHA1
f0f058d20236b190a167a51cba433abe165fefe5

SHA256
203df43e8bc48eeda6627cd8627d6dcac6339f790800a00634bef2d30866f39c

SHA512
ef94da557e46269075d5b820c423e550273e5f60ec3630a91615f79a128ec3db3a601adc3c5ced7f064b703f97b81275b1d060805f6e03f5957d45db38e3ba8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe

Filesize
468KB

MD5
fc34b1eab824355e1f8abefdb9a7d573

SHA1
3ef54af896a6a6c65f28b30bc2da3a1fc925e12d

SHA256
c97675abb74ede1d515306b2d68a0e96ed86317e89ac053a121a3b3cac9597aa

SHA512
75c8f7c18c299650e5adb4ebf10ff54ecf45571e6b63d04f57320e5e30f3792c83e224f97bf5a600cb3f28ec6f01a98edeba1884da5a724c7a3d37015f889e5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe

Filesize
468KB

MD5
dd802108ec5297747db7f3f0110cde5a

SHA1
10c60574e245a1b0458a73e67afc8cbba4a0af62

SHA256
376dd4c300d207315b9c23ea081317a258598ce92ff1fe5b57012b73517d3447

SHA512
0ad7ebc9fb5ce3cf0c349b83b9294bcbd054cdc02ac1e6e0ab5ba138e11dfaa88958c6e45c737240472acc453a2149c3fc9899e33f79a5b0e6960556d087ffe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe

Filesize
468KB

MD5
fa062bd50a947cb5e0948a7ac2cada76

SHA1
82ce9d1ab3f6fc7832969bb7ebb9d8bcc95c1054

SHA256
1843003e0cd27fc66bf09632d1ebccbc5e340bd6bc2a39ba0cbed34101286893

SHA512
3d0dda13be6036585bc796e4821feeb5c669635df889a40676be1dc81dde52d814edbbd6929169794cfacd64c51ea4466a3558d4ca6976470fe2890c46a147a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53109.exe

Filesize
468KB

MD5
5dd7e4fd9b8a9d4238f60e6cc3cb6baa

SHA1
76957b9a81c9f89a7d2f542b246d5672bd40b4e5

SHA256
ded60d19439f8985bbc2093df82debd431998249503e4516ab064b0ea6d500ce

SHA512
6ed1f5a855dcd1589564e8aab5d5e9228a55547cecf83cfad7eed3c94b3b20f9712583a2ef5d77407ff7fa3a49d3f1fd8a89f52e6882ed92058ffb0203b0470e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe

Filesize
468KB

MD5
70f96997c9d7ca2d6b6a9c9457f635ed

SHA1
62d5d287eea2f83b22d759ef95e3c13c4885b241

SHA256
1cdeeb7c7000f81ed4abe8195e804fa609dd386750c1142c5e8f1edc6e2530b4

SHA512
8a2c7858bfb8e03aa5b0037ab3c9385273c722a8f4edb85e8accfc792ce4e3b8bbb3b968554ff77bca6a20d4177efaa0528595630117007a66cb2b40f2075ee4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe

Filesize
468KB

MD5
fb7000e44d09fd89507037bab7935c0e

SHA1
9fed514d0e197a7712faf3e8ef410f4bcffb4a92

SHA256
2b3f7904d44d4d2c3c9915cb959bd37c8094a8125db961bd6ab2eb5bd6751f37

SHA512
36850bda185fda781884ab7f0c8e8c4fd6c72b85fae585d9186e1388f69b0264ccad3975387e51bf0caf83c54ef73d9d66aa717dcf0692a04e9bd506fa72aac6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe

Filesize
468KB

MD5
9865781365c4e90c20daaa21c56b7c3a

SHA1
2dfb93d7b794537bc7f256c6476ad134ffdeed5b

SHA256
5d80a3d96d732ec3d0994e8913c5d83c8cd438519c1ecb7e6c9476e7c317195d

SHA512
674f31437db60881824f5f9c40e8ddd7619bc6a0fc67a62ce248322f92c5fb0ff0e3db4fac34c2505ba3769003222f52404749124764e318bb1283877fa9ffae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe

Filesize
468KB

MD5
5155fc7180c57c5e482916dde3019d83

SHA1
a361f65bcb7516bc5ada417f76ab6cde50d6e19f

SHA256
e9ea06abc271468315c7f72b4fbca96fa4c9a0440ca519a7f30b8cf10626882f

SHA512
1bb0c5011b76d7ed74be40e6a4c3f584756395eb4856855a65022434cecec3a349459a41a1ea2539487a315d99c622e1306467b51f78cefe87c9a30e934df28f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe

Filesize
468KB

MD5
31008c88da58625c90259b9bd7c0d98c

SHA1
075bbff05f1b4506ae590f341de5e03963397dac

SHA256
1d4479da58d920b640aa2d700a9db7f4084154c428e1b389a81f2542a40f0045

SHA512
16c1884caab8a0c605dc9ad41a49bb7500b51fc6799b32066c6bdd7bcc4f87b1053db5e7cde105e7deaa6350cdd44fa6b95b7cb1590d66b0553499765698dd82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe

Filesize
468KB

MD5
000806c40c1b72aa533e76150a9a9733

SHA1
0cbb7bbfa4144ca9ec23e0cf9befd3028146046c

SHA256
b6d12e0b37cc15ac7ea60288931ef740f0bce497f67f04dc2656fadc0fe9a6e4

SHA512
c9d435c3bd266895994cbe4263c1388f9afae00d5ad45cd1c398b4bd4e216895994e989a48e3b781c452a673c4b26d16fd5bad23e8129be2580e5db1de074030

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe

Filesize
468KB

MD5
6a0629904f208f058ce0acba651aa4b9

SHA1
d62b025facb1b3d2d04d5fe6984d3ff1b4749b5b

SHA256
db9b9d1cf3f65790ae9a5a191875cd1dd204f1ffafe0a49a5b85d3ff9ddd5078

SHA512
a83c5690d4889f710c35874b6050d76c43bc7e4615a3841725a0ad3fd1c56b05c511d2e9b7e0926c74e3c4f3cbf9706d2ae70cfdc0a7fde05933c85476022c7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe

Filesize
468KB

MD5
8bf2aea814288c4c7ff28c8454953e02

SHA1
c2e40d7617477ced11ec0b342b45d36a44d2bfcb

SHA256
59bc8dd5fd8e50b312b3a41f05177b8bc090bbc4211026407a17fa93a6d2a174

SHA512
323b95c2bec3d1eb162be49851c917524c2f92cbe01196687e33c5bdc3d5aea7837412e5ad2d84b078543da78028223a1f5a08213c06b5fcd4932529e4234340

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe

Filesize
468KB

MD5
188599b3384a6d5c6db6961b5e822e12

SHA1
c2147d73ff186f8a551cc7650b0eccaedd31a27a

SHA256
88b95759433ed29cfb9b426e736de57feecd0c3b520f861c715ee88075afdac5

SHA512
d446879dee85429f0279db6854b46c919d96de75155c45754fbeadd1e75be59e13e10ccdc190419896c8c02c48151b1796487cb8045d90b7f4501b75dc4e6d25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe

Filesize
468KB

MD5
5af3bb019c6a93d12206e086bdcf9b52

SHA1
2307680263a8cbfd34f0ac697e4653e4775e6337

SHA256
c02e0a2d5f5aa1a037fa361de4ea79f0abc0b843609f1176cc2f1ca2ebf0d47f

SHA512
ea4b5c4e954f2d13fb11a32b97c525c9a110b2d308dea59b3d8bf39915bae57b771514bab95bcd3a44a690f9fc58ca3c97ed14afa8544cad8dac1bfac2689345

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61853.exe

Filesize
468KB

MD5
3631f9f42c109028545142dd09efa7a2

SHA1
0d1b46202d42859fd205ab89ab000e9d0471de8f

SHA256
325c7352ae352d1f31fc3ced746d811048f356e145ec260e1328f9b5706d834d

SHA512
d11e153218b41977221a084e5069c67425260e0cd93aeb9432c5e6fdc53d305763d125f0c848df34363de7e4da66bcf2a8953c80010ec0940be983e27eae5c81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe

Filesize
468KB

MD5
86bd4a9ffc23c160b01009bc1e413155

SHA1
24d8eaee927d9b6192904a82c0edaef60ee8d49a

SHA256
7bfc0671cb7a6ac79cea58bef58ebda74cc7f737122b60f36ab598e6e3b419d0

SHA512
6cda9c3210fae1606570308ca29b0b71df92e09c1fa18a6315d34a4ef02bb4634feb3d7ec54726deae00ac3b483b8f263bc281b898d8b1755147fc743c8ed769

Download Submit