3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 20:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe
Size

468KB
MD5

6eaeece8d9d6a9fbcc8f1d4344a76ee6
SHA1

c5fa1d530d44d8fcbdbe21ee189bcbeaf0256394
SHA256

3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d
SHA512

2de20a3a9ea77afb3b44c50900a8e86539e52414236bddb653c14b9045bb1602f8d580cc7fdf54298922d4d9f47a9b0af91041d18e660330cb4ef4cb96c31439
SSDEEP

3072:yu0VogkGII5AtGYJzYITcf8wFChCPppyJEHCYV1udq/LgJVd1vlj:yueoTIAtVzVTcfrfwjdqDMVd1

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2156	Unicorn-46230.exe
2788	Unicorn-58529.exe
2840	Unicorn-13967.exe
2672	Unicorn-29832.exe
2280	Unicorn-57029.exe
1752	Unicorn-46168.exe
2760	Unicorn-50920.exe
1896	Unicorn-63656.exe
2616	Unicorn-19286.exe
1940	Unicorn-13085.exe
592	Unicorn-17724.exe
2060	Unicorn-29321.exe
3040	Unicorn-35187.exe
1292	Unicorn-35452.exe
1460	Unicorn-13168.exe
812	Unicorn-48071.exe
2180	Unicorn-62369.exe
2288	Unicorn-3417.exe
2436	Unicorn-35919.exe
1136	Unicorn-58477.exe
1656	Unicorn-49547.exe
2908	Unicorn-57662.exe
2948	Unicorn-50885.exe
972	Unicorn-48482.exe
2448	Unicorn-35103.exe
1468	Unicorn-20159.exe
3016	Unicorn-44563.exe
1964	Unicorn-35710.exe
2360	Unicorn-58752.exe
2488	Unicorn-19858.exe
2380	Unicorn-65529.exe
1628	Unicorn-40278.exe
2508	Unicorn-40013.exe
1608	Unicorn-5467.exe
564	Unicorn-26442.exe
2896	Unicorn-24417.exe
2764	Unicorn-51715.exe
2740	Unicorn-16158.exe
2904	Unicorn-28964.exe
2668	Unicorn-38524.exe
2704	Unicorn-56147.exe
2804	Unicorn-49370.exe
1652	Unicorn-63495.exe
1516	Unicorn-12421.exe
2184	Unicorn-63660.exe
1824	Unicorn-34980.exe
2676	Unicorn-43702.exe
904	Unicorn-63568.exe
1168	Unicorn-2115.exe
2832	Unicorn-64752.exe
2568	Unicorn-18066.exe
2068	Unicorn-43532.exe
1132	Unicorn-25612.exe
1128	Unicorn-47424.exe
2216	Unicorn-50138.exe
2268	Unicorn-44663.exe
608	Unicorn-34578.exe
708	Unicorn-26319.exe
2252	Unicorn-12431.exe
2516	Unicorn-28841.exe
1816	Unicorn-16589.exe
964	Unicorn-37585.exe
1984	Unicorn-48254.exe
2116	Unicorn-2582.exe

Loads dropped DLL 64 IoCs

pid	Process
2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe
2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe
2156	Unicorn-46230.exe
2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe
2156	Unicorn-46230.exe
2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe
2788	Unicorn-58529.exe
2788	Unicorn-58529.exe
2156	Unicorn-46230.exe
2156	Unicorn-46230.exe
2840	Unicorn-13967.exe
2840	Unicorn-13967.exe
2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe
2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe
2672	Unicorn-29832.exe
2788	Unicorn-58529.exe
2672	Unicorn-29832.exe
2788	Unicorn-58529.exe
1752	Unicorn-46168.exe
1752	Unicorn-46168.exe
2840	Unicorn-13967.exe
2840	Unicorn-13967.exe
2156	Unicorn-46230.exe
2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe
2280	Unicorn-57029.exe
2156	Unicorn-46230.exe
2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe
2280	Unicorn-57029.exe
2616	Unicorn-19286.exe
2788	Unicorn-58529.exe
2616	Unicorn-19286.exe
2788	Unicorn-58529.exe
1896	Unicorn-63656.exe
1896	Unicorn-63656.exe
2672	Unicorn-29832.exe
2672	Unicorn-29832.exe
3040	Unicorn-35187.exe
3040	Unicorn-35187.exe
1292	Unicorn-35452.exe
1292	Unicorn-35452.exe
2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe
2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe
2280	Unicorn-57029.exe
1940	Unicorn-13085.exe
2280	Unicorn-57029.exe
1940	Unicorn-13085.exe
2156	Unicorn-46230.exe
1752	Unicorn-46168.exe
2156	Unicorn-46230.exe
1752	Unicorn-46168.exe
592	Unicorn-17724.exe
592	Unicorn-17724.exe
2840	Unicorn-13967.exe
2840	Unicorn-13967.exe
2760	Unicorn-50920.exe
2760	Unicorn-50920.exe
2180	Unicorn-62369.exe
2180	Unicorn-62369.exe
812	Unicorn-48071.exe
812	Unicorn-48071.exe
1896	Unicorn-63656.exe
1896	Unicorn-63656.exe
1460	Unicorn-13168.exe
2788	Unicorn-58529.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57029.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40797.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe
2156	Unicorn-46230.exe
2788	Unicorn-58529.exe
2840	Unicorn-13967.exe
2672	Unicorn-29832.exe
1752	Unicorn-46168.exe
2280	Unicorn-57029.exe
2760	Unicorn-50920.exe
2616	Unicorn-19286.exe
1896	Unicorn-63656.exe
2060	Unicorn-29321.exe
1940	Unicorn-13085.exe
3040	Unicorn-35187.exe
1292	Unicorn-35452.exe
592	Unicorn-17724.exe
1460	Unicorn-13168.exe
812	Unicorn-48071.exe
2180	Unicorn-62369.exe
2288	Unicorn-3417.exe
2436	Unicorn-35919.exe
1136	Unicorn-58477.exe
1656	Unicorn-49547.exe
2908	Unicorn-57662.exe
2948	Unicorn-50885.exe
1468	Unicorn-20159.exe
972	Unicorn-48482.exe
3016	Unicorn-44563.exe
2448	Unicorn-35103.exe
1964	Unicorn-35710.exe
2360	Unicorn-58752.exe
2488	Unicorn-19858.exe
2380	Unicorn-65529.exe
564	Unicorn-26442.exe
1608	Unicorn-5467.exe
1628	Unicorn-40278.exe
2508	Unicorn-40013.exe
2764	Unicorn-51715.exe
2896	Unicorn-24417.exe
2740	Unicorn-16158.exe
2668	Unicorn-38524.exe
2704	Unicorn-56147.exe
2804	Unicorn-49370.exe
2904	Unicorn-28964.exe
1652	Unicorn-63495.exe
1516	Unicorn-12421.exe
1824	Unicorn-34980.exe
2184	Unicorn-63660.exe
904	Unicorn-63568.exe
1168	Unicorn-2115.exe
2676	Unicorn-43702.exe
2832	Unicorn-64752.exe
2568	Unicorn-18066.exe
2068	Unicorn-43532.exe
1132	Unicorn-25612.exe
1128	Unicorn-47424.exe
2216	Unicorn-50138.exe
2268	Unicorn-44663.exe
608	Unicorn-34578.exe
708	Unicorn-26319.exe
2252	Unicorn-12431.exe
1816	Unicorn-16589.exe
2516	Unicorn-28841.exe
2392	Unicorn-27206.exe
964	Unicorn-37585.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2156	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	29
PID 2052 wrote to memory of 2156	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	29
PID 2052 wrote to memory of 2156	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	29
PID 2052 wrote to memory of 2156	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	29
PID 2156 wrote to memory of 2788	2156	Unicorn-46230.exe	30
PID 2156 wrote to memory of 2788	2156	Unicorn-46230.exe	30
PID 2156 wrote to memory of 2788	2156	Unicorn-46230.exe	30
PID 2156 wrote to memory of 2788	2156	Unicorn-46230.exe	30
PID 2052 wrote to memory of 2840	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	31
PID 2052 wrote to memory of 2840	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	31
PID 2052 wrote to memory of 2840	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	31
PID 2052 wrote to memory of 2840	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	31
PID 2788 wrote to memory of 2672	2788	Unicorn-58529.exe	32
PID 2788 wrote to memory of 2672	2788	Unicorn-58529.exe	32
PID 2788 wrote to memory of 2672	2788	Unicorn-58529.exe	32
PID 2788 wrote to memory of 2672	2788	Unicorn-58529.exe	32
PID 2156 wrote to memory of 2280	2156	Unicorn-46230.exe	33
PID 2156 wrote to memory of 2280	2156	Unicorn-46230.exe	33
PID 2156 wrote to memory of 2280	2156	Unicorn-46230.exe	33
PID 2156 wrote to memory of 2280	2156	Unicorn-46230.exe	33
PID 2840 wrote to memory of 1752	2840	Unicorn-13967.exe	34
PID 2840 wrote to memory of 1752	2840	Unicorn-13967.exe	34
PID 2840 wrote to memory of 1752	2840	Unicorn-13967.exe	34
PID 2840 wrote to memory of 1752	2840	Unicorn-13967.exe	34
PID 2052 wrote to memory of 2760	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	35
PID 2052 wrote to memory of 2760	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	35
PID 2052 wrote to memory of 2760	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	35
PID 2052 wrote to memory of 2760	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	35
PID 2672 wrote to memory of 1896	2672	Unicorn-29832.exe	36
PID 2672 wrote to memory of 1896	2672	Unicorn-29832.exe	36
PID 2672 wrote to memory of 1896	2672	Unicorn-29832.exe	36
PID 2672 wrote to memory of 1896	2672	Unicorn-29832.exe	36
PID 2788 wrote to memory of 2616	2788	Unicorn-58529.exe	37
PID 2788 wrote to memory of 2616	2788	Unicorn-58529.exe	37
PID 2788 wrote to memory of 2616	2788	Unicorn-58529.exe	37
PID 2788 wrote to memory of 2616	2788	Unicorn-58529.exe	37
PID 1752 wrote to memory of 1940	1752	Unicorn-46168.exe	38
PID 1752 wrote to memory of 1940	1752	Unicorn-46168.exe	38
PID 1752 wrote to memory of 1940	1752	Unicorn-46168.exe	38
PID 1752 wrote to memory of 1940	1752	Unicorn-46168.exe	38
PID 2840 wrote to memory of 592	2840	Unicorn-13967.exe	39
PID 2840 wrote to memory of 592	2840	Unicorn-13967.exe	39
PID 2840 wrote to memory of 592	2840	Unicorn-13967.exe	39
PID 2840 wrote to memory of 592	2840	Unicorn-13967.exe	39
PID 2156 wrote to memory of 2060	2156	Unicorn-46230.exe	40
PID 2156 wrote to memory of 2060	2156	Unicorn-46230.exe	40
PID 2156 wrote to memory of 2060	2156	Unicorn-46230.exe	40
PID 2156 wrote to memory of 2060	2156	Unicorn-46230.exe	40
PID 2052 wrote to memory of 3040	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	41
PID 2052 wrote to memory of 3040	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	41
PID 2052 wrote to memory of 3040	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	41
PID 2052 wrote to memory of 3040	2052	3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe	41
PID 2280 wrote to memory of 1292	2280	Unicorn-57029.exe	42
PID 2280 wrote to memory of 1292	2280	Unicorn-57029.exe	42
PID 2280 wrote to memory of 1292	2280	Unicorn-57029.exe	42
PID 2280 wrote to memory of 1292	2280	Unicorn-57029.exe	42
PID 2616 wrote to memory of 1460	2616	Unicorn-19286.exe	43
PID 2616 wrote to memory of 1460	2616	Unicorn-19286.exe	43
PID 2616 wrote to memory of 1460	2616	Unicorn-19286.exe	43
PID 2616 wrote to memory of 1460	2616	Unicorn-19286.exe	43
PID 2788 wrote to memory of 812	2788	Unicorn-58529.exe	44
PID 2788 wrote to memory of 812	2788	Unicorn-58529.exe	44
PID 2788 wrote to memory of 812	2788	Unicorn-58529.exe	44
PID 2788 wrote to memory of 812	2788	Unicorn-58529.exe	44

C:\Users\Admin\AppData\Local\Temp\3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe
"C:\Users\Admin\AppData\Local\Temp\3b7563c71b79872d394913d3e756454eecf01ada8f3d64e174ad70e59c211a7d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46230.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46230.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58752.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32488.exe
        8⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24044.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22085.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
        8⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9001.exe
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59212.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12555.exe
        8⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7172.exe
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
        7⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        7⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
        7⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2582.exe
        7⤵
        Executes dropped EXE
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32104.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        7⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        7⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
        7⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
        6⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
        6⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
        6⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3480.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        6⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
        6⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32074.exe
        7⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
        6⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20139.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
        6⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24417.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38779.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe
        7⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
        7⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        6⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60793.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        6⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
        6⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-486.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
        7⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26758.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23707.exe
        7⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        6⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63828.exe
        6⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
        6⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        6⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        6⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        6⤵
        
        PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        5⤵
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63938.exe
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
        5⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21172.exe
        5⤵
        
        PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34923.exe
        8⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53152.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24115.exe
        8⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28792.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25499.exe
        7⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
        7⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        7⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        7⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65296.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        6⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        6⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
        6⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
        6⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        6⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27040.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        6⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
        5⤵
        
        PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        5⤵
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
        5⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
        5⤵
        
        PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19858.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        7⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12919.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        8⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-863.exe
        7⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62509.exe
        7⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
        6⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6728.exe
        6⤵
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48302.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20516.exe
        6⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
        6⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44663.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8889.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        6⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29095.exe
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
        5⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        5⤵
        
        PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
        5⤵
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20656.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23283.exe
      4⤵
      PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe
      4⤵
      PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
      4⤵
      PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
      4⤵
      PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
      4⤵
      PID:672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
      4⤵
      PID:5784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58477.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        7⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        7⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        7⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
        7⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        6⤵
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
        6⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
        6⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1710.exe
        6⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
        6⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28964.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        6⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23703.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
        6⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
        5⤵
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        5⤵
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        5⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12421.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
        7⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19468.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8385.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
        6⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
        6⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        6⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        5⤵
        Executes dropped EXE
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
        5⤵
        
        PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23880.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63905.exe
        5⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
        5⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        5⤵
        
        PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
        5⤵
        
        PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
      4⤵
      PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
      4⤵
      PID:456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
      4⤵
      PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
      4⤵
      PID:5724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
        5⤵
        
        PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
      4⤵
      PID:1276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
      4⤵
      PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61323.exe
      4⤵
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
      4⤵
      PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe
      4⤵
      PID:5768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        5⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2105.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
        5⤵
        
        PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
      4⤵
      PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
      4⤵
      PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
      4⤵
      PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
      4⤵
      PID:5824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64752.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25764.exe
      4⤵
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
      4⤵
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
      4⤵
      PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
      4⤵
      PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
      4⤵
      PID:5528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
    3⤵
    PID:2656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
    3⤵
    PID:3024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
    3⤵
    PID:3448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
    3⤵
    PID:3532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
    3⤵
    PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
    3⤵
    PID:5716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13967.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13967.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13085.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        7⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
        7⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        7⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
        6⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        6⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43702.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        6⤵
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        6⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
        6⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31259.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        5⤵
        
        PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        5⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
        5⤵
        
        PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64800.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28067.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30651.exe
        5⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
        5⤵
        
        PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50138.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
        5⤵
        
        PID:236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        5⤵
        
        PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43760.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        5⤵
        
        PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        5⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        5⤵
        
        PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
      4⤵
      PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
      4⤵
      PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3480.exe
      4⤵
      PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
      4⤵
      PID:5644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17724.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53594.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
        6⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        6⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52896.exe
        6⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        6⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
        5⤵
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
        5⤵
        
        PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
        5⤵
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        5⤵
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30751.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        5⤵
        
        PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
      4⤵
      PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
      4⤵
      PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39401.exe
      4⤵
      PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe
      4⤵
      PID:4980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        5⤵
        
        PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        5⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36732.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
        5⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        5⤵
        
        PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
      4⤵
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
      4⤵
      PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36442.exe
      4⤵
      PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
      4⤵
      PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
      4⤵
      PID:5872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
      4⤵
      PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
      4⤵
      PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30697.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
        5⤵
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
        5⤵
        
        PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30128.exe
      4⤵
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7366.exe
      4⤵
      PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64364.exe
      4⤵
      PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
      4⤵
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
      4⤵
      PID:5400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
    3⤵
    PID:2344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
    3⤵
    PID:3060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
    3⤵
    PID:3200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
    3⤵
    PID:3432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
    3⤵
    PID:3476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
    3⤵
    PID:5028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
    3⤵
    PID:5148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35710.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37585.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
      4⤵
      PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18014.exe
      4⤵
      PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
      4⤵
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe
      4⤵
      PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
      4⤵
      PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
      4⤵
      PID:5808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
    3⤵
    PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
    3⤵
    PID:3324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38874.exe
    3⤵
    PID:3424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25230.exe
    3⤵
    PID:4588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43532.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18285.exe
        5⤵
        
        PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        5⤵
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44118.exe
      4⤵
      PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
      4⤵
      PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
      4⤵
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
      4⤵
      PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47114.exe
      4⤵
      PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
      4⤵
      PID:5896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25612.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30170.exe
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
      4⤵
      PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57234.exe
      4⤵
      PID:5708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
    3⤵
    PID:932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
    3⤵
    PID:3756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49218.exe
    3⤵
    PID:3084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
    3⤵
    PID:4336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
    3⤵
    PID:5748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2115.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
      4⤵
      PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
      4⤵
      PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
      4⤵
      PID:5880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
    3⤵
    PID:2160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
    3⤵
    PID:1472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
    3⤵
    PID:3816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
    3⤵
    PID:4408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
    3⤵
    PID:5332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24197.exe
    3⤵
    PID:4064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
    3⤵
    PID:5088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43700.exe
    3⤵
    PID:4520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
    3⤵
    PID:5364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
    3⤵
    PID:5844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
  2⤵
  PID:1080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8220.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8220.exe
  2⤵
  PID:2780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
  2⤵
  PID:3392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4226.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4226.exe
  2⤵
  PID:4028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
  2⤵
  PID:4772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
  2⤵
  PID:5140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1762.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1762.exe
  2⤵
  PID:5684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe

Filesize
468KB

MD5
26f9850b7dc93e3272aac90f6445d82d

SHA1
b176ef2ef3e7428226d9487e8046a51d65365ef9

SHA256
c8618a13d2e8a3caec52914628192410051373e45fb99491778ff86979fd03b5

SHA512
d863c2bc6f7c075381bd611288c63609a1f622a4e7dd3252117e92d85b3ce325a486c2dab86c43ba8b22d0dc34d1850e7f6a091fd5bb0ea82fb75c710e0e7c74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17724.exe

Filesize
468KB

MD5
eef893063f7e1bbf191d05334e3d2cc4

SHA1
4d91fbdc5ba4dde34229a04507758d34fa72738a

SHA256
af159bbb0795a52a5237070cb6bb447276adf73ecfd3c671a6a40e665210d436

SHA512
7ae49fae1bee2d927eae5bef510eb58ef6f4638d2f4c21c9535c6e6e2374a2e77385e0dc5630159a52c68913b56f9cccef06063e0c7d512451171727e9974c9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe

Filesize
468KB

MD5
06c2bb5c6c75a922a083b46a624bb73f

SHA1
78957eaeff0b5591561f43506359a18c71bf54cc

SHA256
d82c5b54c9e20035fa8ae8289b956c3992c3d4da5a9388d93c0524429bc00436

SHA512
e264f0723bc31dffd6bb6f9cc677fe0a06eb1eb703a70fa7040e90f962d0b07a36df5790639188429d1b4f4675df7fd76c173c5d6c140458fd6dbb64ddb0ddf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe

Filesize
468KB

MD5
987d9d72e796a055e11e7f4796b4cfce

SHA1
30de3b6cc02f550aea7f05a8e7286438c1499aac

SHA256
138b05678621dd60d1ffefd7c6ac18e69b806641ae34cb54123ab8b15f1d5348

SHA512
a8d4c4c93869cb275c6f313a98ff460120ec6f2c9af81e425b57a0f93d8113a5e7361bd14d7f0668f3f9a0dc541c4fca3b554f190910a0848f4f130ab18ae946

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe

Filesize
468KB

MD5
754e20a46602e969ac9ab8d33602e62c

SHA1
4e1c70252e59c321e01798654abae27cfd9ae429

SHA256
63b1d4ba490b5d335b279c45e1d08e3f8d40ceccacf8cb1728f5f396d1ba82f7

SHA512
a72a9e66b50e45146755113a04fbc528075f7452ae8bbea6ba88fcc6041d9ddf8469b3c8b70bf822a2ae241c31a24ad19c3fd8d7689733ea23435173f6012d09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13085.exe

Filesize
468KB

MD5
9b9dec0c0c4d291342529d4e3c07bf3e

SHA1
0512ac1a1894d914d5de21235c6facc9462689d3

SHA256
ba244796d6cf3f25eb2e45ce28596cd2af7db3f4c51dd3d3e3c8e29bbcdf9539

SHA512
7badcdb8b910c26863524cad28588a105024c696336f9c2e9c6deacf4243444cb8f6d3ed4f0c795b24840e8c5c3479e6310948d5d0f5deb70f00fe9cd1546bc0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe

Filesize
468KB

MD5
20adb6e10426092bafab03afb69b474d

SHA1
76e9ba492a189638e00c5274390509806b8d1c53

SHA256
336bec5ea91982a9194b780f320a0d4e6fb0935dc0b72338b56bc19d7487cc31

SHA512
905dec45c1328830507eaab86a1084402f95592fefab97d849c36d38dc23c6b23999fc1313d42169166213ce22c3895e7e216afd00b6b2e442b1590430061140

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13967.exe

Filesize
468KB

MD5
f7218747246cf9e2ffead93b38d4d928

SHA1
7c8bb8b1acaaaa29b10838d2da6e775065d62703

SHA256
6d34164e3536ada06e35435c98aaf6eeaff98ad31f6f9bac7d6bf5de0db76d39

SHA512
36dad910ce3287222f129f20452cf95c4137d34a33e1a4823c10961c91eb1e4bab422c893e86a7703b70ed07c51d605e6009a92ccfef3bbbdc377c4a21f71f67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe

Filesize
468KB

MD5
56621bbcca49f4041b2f15081a503170

SHA1
3ba288df27c8a3c9f041c04674561630ca6b9f55

SHA256
3075b3b7549ca210fd9962bdb8112411a87aef2e00a5e0916a39e8f11daaf95d

SHA512
09175b63d5da21ba4a2cf3fd30ffa6d971a5177dd73106f2f612c779f37acb897fa21de2df1f517ea9ef2096f3091e4776653852abc81c5a031899ae37dbc607

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe

Filesize
468KB

MD5
247d22bf658a405700956102ab1a9aff

SHA1
2ea2b4550c55f50de92427d4465d58831133c1fe

SHA256
c9adec81c8d12f5b442d15098c92fb1ac114236f5f5b608fc5d41001cd3b591d

SHA512
ef0a47180a888ba1e673aa17472435701fc87e6ebdb7d94b0e19f2243c7c223b183fab1ad8c3079dc3660174a0262b2dc99bbcb12b77e7349541dd7d6f0ecdf5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe

Filesize
468KB

MD5
db3beaa022d1f64f7c7689508384e334

SHA1
d5dcb536363c4929fa123d5e3830b8b14a34c435

SHA256
cc820626965bd4d3784f2cf22356976b2ce0b0eceddf8dc5bdc64339eacd75da

SHA512
88eb02c38b9c5424e4e136318b091b74847275c23ef2790366b53910d020e43c1e932197eebb23dd204590b1266d3b13cfc62f437a3bd17e91f44cce92f662b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe

Filesize
468KB

MD5
972aa53dc6f727d13cfbf4103f72b7c1

SHA1
7414d2615e1d640b75a1ab43d99bbaeb5f02814b

SHA256
c046c06e903616b8ef13f7602b2abf486e0b0e0e90b8d404a6950203673380f3

SHA512
7bc8cc9b7fbe309d15d7291b0c362b1d259510bb9d95e8e2d724398408450738692d3c9abba95915428cfb82aa5b300def7ed68d69e1382db59e379e9c1e4a01

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe

Filesize
468KB

MD5
8afb25411a08742d3c9bd969a625707c

SHA1
f7fdb4b28fb49634937db703d5476d9837ec3c33

SHA256
1c2de07495f35068869a1f0e7bfa0f292ff3dde9410e42cf9434f998bc6b3d61

SHA512
49d664da4c7bc8cdf03f235a738af33656211f8d92889c5af6fe69d100b36d8b1e63f9de49f1c3ef722a36e631aa6fb5b392f63cd400ef89842fbfad02b240ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe

Filesize
468KB

MD5
4a6da54ec455f4700815655ab00efbeb

SHA1
6a5d4e5e9ca6630e1aeb29f022abf33e95b75741

SHA256
e51faf43cda7296704a026fd7ebfeb103ae10b93937a21fddaec6271f5e35c14

SHA512
e67b82c46811209bfc67acaf4df033de6a7c0170dbb515ac986a63818f61b3778b86c064e0ca1c157274b2330c1280361775aea985682006445748a26300cd38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46230.exe

Filesize
468KB

MD5
30060132084efff1581ed007d34b6f97

SHA1
26ba211a53fc5d2a802620d8adc55def79bc4206

SHA256
1c9c71cd57ff97f18231a83cfd7fee1e989c7efd4f528d0f4ffbe6f61b231655

SHA512
7ffe3a64ac3e1fb0fcffbbb95a9f4b8027a8e328c0c84a3a47aaf80a97193bc0052dae16000de380b7a8418f1bdd876cdb1764871bf8602ca98e479399fdc74d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe

Filesize
468KB

MD5
c4f4660cd72274f34e5c2f4680e0ea0d

SHA1
2844eb243348a2ac4eb7cbcd1eca5c07933a3d97

SHA256
c009f86de91c730aa11c55ace0362a34e9305a0e5dfe7c8d7e94f42c107cad59

SHA512
841d301b38f16260dad76ca7b43d8eed8b6be9e9961fb50119b49f27bfcc7e42df1262b099dc6dea702e05e17eb0d6a56e4f33d00e5af66e7cc89cb951e76abf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe

Filesize
468KB

MD5
d800e2aab35185a81f8995aa279dccea

SHA1
64ccedbdb5dbb75bb71fc06b0f9375cc430ebdd5

SHA256
86b9a19d9c5bae8db6ffec0bc6c1cb21dc3917afedff50e66094f63e87a740b0

SHA512
7b887dfd2e39195376e8fb056e96f5c4fb1f6ba0176e3eb68028584a66a2c515513058a98aac62107d1775d4e49a703c830983563d87194c51f87125c9a498f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe

Filesize
468KB

MD5
31f7c9ba9e742ddd2ac03866316ebe14

SHA1
0281cd8ff39e526c16b66228ac34a8c9d0258bcc

SHA256
862d05bcb51748ccfa42893104b97aa3d0e56f36c042e22a39b75b643880a19d

SHA512
8e04abd873eebaf1ecf1ac5988f55a9c91099cffec3295085f7c48908e133d40a0a08fc2eb7864af11eeb572ac167b2c5b32ecdee66ce36869dbaae6dc3ac4b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe

Filesize
468KB

MD5
6ac1a3e55babe9b6cdf3a21b881bbd14

SHA1
16c66326738053df8b12991a729f629af89d87bd

SHA256
c07e545b11570e92f853a66d333e5bf384c42bf6ea063c35543300a273449882

SHA512
f46e818972a8e5db892fe7f7040782399ffcc2ffe56a997f5e74b2e9cb22c3abbd1c15496fb02460d3024506705aaf2d9a650ce6cd9f2f763c03c1ad3fc19c8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe

Filesize
468KB

MD5
bea6ac9d95eb35eb4da4903444a2704e

SHA1
1b7b9e92eabaf3cba8cab3d67fa60d24f2a1ae7d

SHA256
5edb88786b17810ab4a1de8604513631b1de2c1a82887d343373988c1434c44b

SHA512
f74f485b31e20feeffe6d5242439ff7cf63bdfe4af52e4f9c415b871ada3c05e83df3fa1a61ad2df684ee5e5389a7d93dbe2d81698ad8b125fb56383cdf81191

Download Submit