77c874558be17ebd31bb71834d72cc3297476531112273ca3f71c50fce8214ac

Analysis

max time kernel
117s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-09-2024 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d722afd73462d8d5e35f54fc39498430N.exe
Size

468KB
MD5

d722afd73462d8d5e35f54fc39498430
SHA1

cc6e34ea158d6c763b3afd903a4730d09cefd09c
SHA256

77c874558be17ebd31bb71834d72cc3297476531112273ca3f71c50fce8214ac
SHA512

18a02e1f5c46186f8836c19a12afa0307aa6a7c40db9f7f90bce1eb184c722a0ca4a26f9cd26aa6c7f2b6c41423bf10099f0321cdb00508910637df8749fd32e
SSDEEP

3072:EYgiogIyb45BtbYtPzqjQf8/aClbZnpsnmHhQEhN9sPMMPu6HdEW:EY1ok4BtiP+jQf+phd9sUGu6H

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2096	Unicorn-19025.exe
2152	Unicorn-39227.exe
628	Unicorn-3025.exe
1624	Unicorn-22890.exe
2656	Unicorn-38672.exe
2564	Unicorn-23296.exe
2528	Unicorn-62282.exe
3044	Unicorn-8286.exe
512	Unicorn-30753.exe
924	Unicorn-7317.exe
2400	Unicorn-19186.exe
2512	Unicorn-36674.exe
576	Unicorn-16808.exe
1756	Unicorn-36409.exe
704	Unicorn-64323.exe
1128	Unicorn-39746.exe
1956	Unicorn-9376.exe
2492	Unicorn-6570.exe
2160	Unicorn-64878.exe
1252	Unicorn-48755.exe
2436	Unicorn-5454.exe
2372	Unicorn-4899.exe
1100	Unicorn-41272.exe
1616	Unicorn-44594.exe
1344	Unicorn-37188.exe
1076	Unicorn-31057.exe
2704	Unicorn-42018.exe
1864	Unicorn-13430.exe
2204	Unicorn-63804.exe
1320	Unicorn-63783.exe
2468	Unicorn-46892.exe
876	Unicorn-44267.exe
2472	Unicorn-104.exe
1560	Unicorn-24779.exe
2928	Unicorn-38515.exe
2716	Unicorn-41137.exe
2668	Unicorn-41137.exe
928	Unicorn-4115.exe
2772	Unicorn-9772.exe
2900	Unicorn-9507.exe
2812	Unicorn-9772.exe
2312	Unicorn-9772.exe
2540	Unicorn-9772.exe
2748	Unicorn-55444.exe
2560	Unicorn-49843.exe
2544	Unicorn-64681.exe
2200	Unicorn-19402.exe
1856	Unicorn-14349.exe
2488	Unicorn-42044.exe
2820	Unicorn-35922.exe
2852	Unicorn-44282.exe
3020	Unicorn-17731.exe
2864	Unicorn-32030.exe
1312	Unicorn-65065.exe
560	Unicorn-60981.exe
2948	Unicorn-12185.exe
2316	Unicorn-54650.exe
1516	Unicorn-54650.exe
1964	Unicorn-3825.exe
1724	Unicorn-8978.exe
824	Unicorn-51282.exe
532	Unicorn-55439.exe
608	Unicorn-33518.exe
2608	Unicorn-46560.exe

Loads dropped DLL 64 IoCs

pid	Process
468	d722afd73462d8d5e35f54fc39498430N.exe
468	d722afd73462d8d5e35f54fc39498430N.exe
2096	Unicorn-19025.exe
468	d722afd73462d8d5e35f54fc39498430N.exe
2096	Unicorn-19025.exe
468	d722afd73462d8d5e35f54fc39498430N.exe
2152	Unicorn-39227.exe
2096	Unicorn-19025.exe
2096	Unicorn-19025.exe
2152	Unicorn-39227.exe
628	Unicorn-3025.exe
628	Unicorn-3025.exe
468	d722afd73462d8d5e35f54fc39498430N.exe
468	d722afd73462d8d5e35f54fc39498430N.exe
1624	Unicorn-22890.exe
2096	Unicorn-19025.exe
2564	Unicorn-23296.exe
1624	Unicorn-22890.exe
2096	Unicorn-19025.exe
2564	Unicorn-23296.exe
2528	Unicorn-62282.exe
2528	Unicorn-62282.exe
2656	Unicorn-38672.exe
2656	Unicorn-38672.exe
2152	Unicorn-39227.exe
468	d722afd73462d8d5e35f54fc39498430N.exe
2152	Unicorn-39227.exe
468	d722afd73462d8d5e35f54fc39498430N.exe
3044	Unicorn-8286.exe
3044	Unicorn-8286.exe
628	Unicorn-3025.exe
628	Unicorn-3025.exe
2096	Unicorn-19025.exe
2096	Unicorn-19025.exe
2400	Unicorn-19186.exe
2400	Unicorn-19186.exe
2528	Unicorn-62282.exe
2528	Unicorn-62282.exe
512	Unicorn-30753.exe
512	Unicorn-30753.exe
1624	Unicorn-22890.exe
1624	Unicorn-22890.exe
1756	Unicorn-36409.exe
1756	Unicorn-36409.exe
576	Unicorn-16808.exe
468	d722afd73462d8d5e35f54fc39498430N.exe
924	Unicorn-7317.exe
576	Unicorn-16808.exe
468	d722afd73462d8d5e35f54fc39498430N.exe
2152	Unicorn-39227.exe
924	Unicorn-7317.exe
2152	Unicorn-39227.exe
2564	Unicorn-23296.exe
2564	Unicorn-23296.exe
2656	Unicorn-38672.exe
2656	Unicorn-38672.exe
704	Unicorn-64323.exe
704	Unicorn-64323.exe
3044	Unicorn-8286.exe
1128	Unicorn-39746.exe
3044	Unicorn-8286.exe
1128	Unicorn-39746.exe
2096	Unicorn-19025.exe
2096	Unicorn-19025.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35922.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
468	d722afd73462d8d5e35f54fc39498430N.exe
2096	Unicorn-19025.exe
2152	Unicorn-39227.exe
628	Unicorn-3025.exe
1624	Unicorn-22890.exe
2564	Unicorn-23296.exe
2528	Unicorn-62282.exe
2656	Unicorn-38672.exe
3044	Unicorn-8286.exe
2400	Unicorn-19186.exe
512	Unicorn-30753.exe
924	Unicorn-7317.exe
576	Unicorn-16808.exe
1756	Unicorn-36409.exe
2512	Unicorn-36674.exe
704	Unicorn-64323.exe
1128	Unicorn-39746.exe
1956	Unicorn-9376.exe
2492	Unicorn-6570.exe
2160	Unicorn-64878.exe
1252	Unicorn-48755.exe
2436	Unicorn-5454.exe
1616	Unicorn-44594.exe
2704	Unicorn-42018.exe
2372	Unicorn-4899.exe
1076	Unicorn-31057.exe
1100	Unicorn-41272.exe
1344	Unicorn-37188.exe
1864	Unicorn-13430.exe
2204	Unicorn-63804.exe
1320	Unicorn-63783.exe
2468	Unicorn-46892.exe
876	Unicorn-44267.exe
2928	Unicorn-38515.exe
1560	Unicorn-24779.exe
2668	Unicorn-41137.exe
2716	Unicorn-41137.exe
928	Unicorn-4115.exe
2900	Unicorn-9507.exe
2540	Unicorn-9772.exe
2748	Unicorn-55444.exe
2560	Unicorn-49843.exe
2544	Unicorn-64681.exe
2312	Unicorn-9772.exe
2812	Unicorn-9772.exe
2772	Unicorn-9772.exe
1856	Unicorn-14349.exe
2200	Unicorn-19402.exe
2820	Unicorn-35922.exe
2488	Unicorn-42044.exe
2852	Unicorn-44282.exe
2864	Unicorn-32030.exe
3020	Unicorn-17731.exe
1964	Unicorn-3825.exe
1312	Unicorn-65065.exe
1516	Unicorn-54650.exe
1724	Unicorn-8978.exe
2316	Unicorn-54650.exe
560	Unicorn-60981.exe
2948	Unicorn-12185.exe
824	Unicorn-51282.exe
532	Unicorn-55439.exe
608	Unicorn-33518.exe
2608	Unicorn-46560.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 468 wrote to memory of 2096	468	d722afd73462d8d5e35f54fc39498430N.exe	30
PID 468 wrote to memory of 2096	468	d722afd73462d8d5e35f54fc39498430N.exe	30
PID 468 wrote to memory of 2096	468	d722afd73462d8d5e35f54fc39498430N.exe	30
PID 468 wrote to memory of 2096	468	d722afd73462d8d5e35f54fc39498430N.exe	30
PID 2096 wrote to memory of 2152	2096	Unicorn-19025.exe	31
PID 2096 wrote to memory of 2152	2096	Unicorn-19025.exe	31
PID 2096 wrote to memory of 2152	2096	Unicorn-19025.exe	31
PID 2096 wrote to memory of 2152	2096	Unicorn-19025.exe	31
PID 468 wrote to memory of 628	468	d722afd73462d8d5e35f54fc39498430N.exe	32
PID 468 wrote to memory of 628	468	d722afd73462d8d5e35f54fc39498430N.exe	32
PID 468 wrote to memory of 628	468	d722afd73462d8d5e35f54fc39498430N.exe	32
PID 468 wrote to memory of 628	468	d722afd73462d8d5e35f54fc39498430N.exe	32
PID 2096 wrote to memory of 1624	2096	Unicorn-19025.exe	34
PID 2096 wrote to memory of 1624	2096	Unicorn-19025.exe	34
PID 2096 wrote to memory of 1624	2096	Unicorn-19025.exe	34
PID 2096 wrote to memory of 1624	2096	Unicorn-19025.exe	34
PID 2152 wrote to memory of 2656	2152	Unicorn-39227.exe	33
PID 2152 wrote to memory of 2656	2152	Unicorn-39227.exe	33
PID 2152 wrote to memory of 2656	2152	Unicorn-39227.exe	33
PID 2152 wrote to memory of 2656	2152	Unicorn-39227.exe	33
PID 628 wrote to memory of 2564	628	Unicorn-3025.exe	35
PID 628 wrote to memory of 2564	628	Unicorn-3025.exe	35
PID 628 wrote to memory of 2564	628	Unicorn-3025.exe	35
PID 628 wrote to memory of 2564	628	Unicorn-3025.exe	35
PID 468 wrote to memory of 2528	468	d722afd73462d8d5e35f54fc39498430N.exe	36
PID 468 wrote to memory of 2528	468	d722afd73462d8d5e35f54fc39498430N.exe	36
PID 468 wrote to memory of 2528	468	d722afd73462d8d5e35f54fc39498430N.exe	36
PID 468 wrote to memory of 2528	468	d722afd73462d8d5e35f54fc39498430N.exe	36
PID 2096 wrote to memory of 3044	2096	Unicorn-19025.exe	38
PID 2096 wrote to memory of 3044	2096	Unicorn-19025.exe	38
PID 2096 wrote to memory of 3044	2096	Unicorn-19025.exe	38
PID 2096 wrote to memory of 3044	2096	Unicorn-19025.exe	38
PID 1624 wrote to memory of 512	1624	Unicorn-22890.exe	37
PID 1624 wrote to memory of 512	1624	Unicorn-22890.exe	37
PID 1624 wrote to memory of 512	1624	Unicorn-22890.exe	37
PID 1624 wrote to memory of 512	1624	Unicorn-22890.exe	37
PID 2564 wrote to memory of 924	2564	Unicorn-23296.exe	39
PID 2564 wrote to memory of 924	2564	Unicorn-23296.exe	39
PID 2564 wrote to memory of 924	2564	Unicorn-23296.exe	39
PID 2564 wrote to memory of 924	2564	Unicorn-23296.exe	39
PID 2528 wrote to memory of 2400	2528	Unicorn-62282.exe	40
PID 2528 wrote to memory of 2400	2528	Unicorn-62282.exe	40
PID 2528 wrote to memory of 2400	2528	Unicorn-62282.exe	40
PID 2528 wrote to memory of 2400	2528	Unicorn-62282.exe	40
PID 2656 wrote to memory of 2512	2656	Unicorn-38672.exe	41
PID 2656 wrote to memory of 2512	2656	Unicorn-38672.exe	41
PID 2656 wrote to memory of 2512	2656	Unicorn-38672.exe	41
PID 2656 wrote to memory of 2512	2656	Unicorn-38672.exe	41
PID 2152 wrote to memory of 576	2152	Unicorn-39227.exe	42
PID 2152 wrote to memory of 576	2152	Unicorn-39227.exe	42
PID 2152 wrote to memory of 576	2152	Unicorn-39227.exe	42
PID 2152 wrote to memory of 576	2152	Unicorn-39227.exe	42
PID 468 wrote to memory of 1756	468	d722afd73462d8d5e35f54fc39498430N.exe	43
PID 468 wrote to memory of 1756	468	d722afd73462d8d5e35f54fc39498430N.exe	43
PID 468 wrote to memory of 1756	468	d722afd73462d8d5e35f54fc39498430N.exe	43
PID 468 wrote to memory of 1756	468	d722afd73462d8d5e35f54fc39498430N.exe	43
PID 3044 wrote to memory of 704	3044	Unicorn-8286.exe	44
PID 3044 wrote to memory of 704	3044	Unicorn-8286.exe	44
PID 3044 wrote to memory of 704	3044	Unicorn-8286.exe	44
PID 3044 wrote to memory of 704	3044	Unicorn-8286.exe	44
PID 628 wrote to memory of 1956	628	Unicorn-3025.exe	45
PID 628 wrote to memory of 1956	628	Unicorn-3025.exe	45
PID 628 wrote to memory of 1956	628	Unicorn-3025.exe	45
PID 628 wrote to memory of 1956	628	Unicorn-3025.exe	45

C:\Users\Admin\AppData\Local\Temp\d722afd73462d8d5e35f54fc39498430N.exe
"C:\Users\Admin\AppData\Local\Temp\d722afd73462d8d5e35f54fc39498430N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19025.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19025.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        7⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        6⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32938.exe
        6⤵
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4322.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26078.exe
        6⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13338.exe
        6⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35922.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        7⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64915.exe
        7⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9535.exe
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        7⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53249.exe
        6⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
        6⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        6⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17731.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48937.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        6⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25547.exe
        6⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
        5⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        5⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        5⤵
        
        PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3994.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        7⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15589.exe
        6⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29268.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        6⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
        6⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        6⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51006.exe
        5⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        5⤵
        
        PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        6⤵
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3994.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29836.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        6⤵
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
        5⤵
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
        5⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46881.exe
        5⤵
        
        PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        5⤵
        
        PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4115.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        5⤵
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        5⤵
        
        PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8268.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
      4⤵
      PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49855.exe
      4⤵
      PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
      4⤵
      PID:4964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44282.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
        8⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56755.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        8⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30200.exe
        7⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        7⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27072.exe
        6⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12987.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51920.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        6⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
        6⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        6⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        6⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        6⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        5⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
        6⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24455.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        6⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        5⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35384.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5454.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
        6⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
        5⤵
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        5⤵
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        5⤵
        
        PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42044.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46560.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        5⤵
        
        PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        5⤵
        
        PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36228.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
      4⤵
      PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44282.exe
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35569.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe
      4⤵
      PID:4556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64323.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        7⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
        7⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        7⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
        6⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        6⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
        6⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38173.exe
        6⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30200.exe
        5⤵
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        5⤵
        
        PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63783.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        5⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        5⤵
        
        PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
      4⤵
      PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
      4⤵
      PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
      4⤵
      PID:4612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32030.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48169.exe
        6⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        6⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        6⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        6⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18904.exe
        5⤵
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12987.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43752.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        5⤵
        
        PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36693.exe
        5⤵
        
        PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
      4⤵
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe
      4⤵
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
      4⤵
      PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
      4⤵
      PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42850.exe
      4⤵
      PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
      4⤵
      PID:4932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
    3⤵
    PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
      4⤵
      PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
      4⤵
      PID:4740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8103.exe
    3⤵
    PID:1680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32159.exe
    3⤵
    PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
    3⤵
    PID:3776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
    3⤵
    PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
    3⤵
    PID:5020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        7⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        7⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        7⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        6⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55444.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17578.exe
        6⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58804.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        6⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        5⤵
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22172.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        5⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47458.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        6⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9535.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60270.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        6⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
        5⤵
        
        PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
        5⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10818.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19402.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41345.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        5⤵
        
        PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        5⤵
        
        PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
      4⤵
      PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
      4⤵
      PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13338.exe
      4⤵
      PID:4824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8480.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        5⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
      4⤵
      PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
      4⤵
      PID:748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46812.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
      4⤵
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
      4⤵
      PID:5072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9507.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
      4⤵
      PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
      4⤵
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
      4⤵
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
      4⤵
      PID:4808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29840.exe
    3⤵
    PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
    3⤵
    PID:2592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2683.exe
    3⤵
    PID:3332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46731.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55477.exe
    3⤵
    PID:4144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6570.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18730.exe
        6⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        6⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe
        5⤵
        
        PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7833.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29268.exe
        5⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
        5⤵
        
        PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        5⤵
        
        PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
      4⤵
      PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23595.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27036.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
      4⤵
      PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
      4⤵
      PID:4188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
      4⤵
      Executes dropped EXE
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        5⤵
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        5⤵
        
        PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35376.exe
      4⤵
      PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5779.exe
      4⤵
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
      4⤵
      PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
      4⤵
      PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
      4⤵
      PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61760.exe
        5⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        5⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        5⤵
        
        PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51516.exe
      4⤵
      PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
      4⤵
      PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
      4⤵
      PID:2052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19628.exe
      4⤵
      PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
      4⤵
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
      4⤵
      PID:4572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
    3⤵
    PID:1668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26022.exe
    3⤵
    PID:3384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
    3⤵
    PID:3320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8268.exe
    3⤵
    PID:4856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe
    3⤵
    PID:4980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42850.exe
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        5⤵
        
        PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51516.exe
      4⤵
      PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
      4⤵
      PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35889.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
      4⤵
      PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
      4⤵
      PID:4348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
      4⤵
      PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
      4⤵
      PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
      4⤵
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
      4⤵
      PID:4568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
    3⤵
    PID:2044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
    3⤵
    PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
    3⤵
    PID:3236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35384.exe
    3⤵
    PID:3732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
    3⤵
    PID:5044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44594.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44594.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
      4⤵
      PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
      4⤵
      PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
      4⤵
      PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
      4⤵
      PID:4588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
    3⤵
    PID:1220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
    3⤵
    PID:2792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
    3⤵
    PID:3260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25739.exe
    3⤵
    PID:4516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
    3⤵
    PID:4748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
    3⤵
    PID:2180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
    3⤵
    PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
    3⤵
    PID:4280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
  2⤵
  PID:1296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
  2⤵
  PID:3164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
  2⤵
  PID:4880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
  2⤵
  PID:4652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe

Filesize
468KB

MD5
ddf73b65d8c31785fc3b056f13def273

SHA1
7c1d36f4f40d44a0e3e07828fc152e5693b29a70

SHA256
c78d0ec9da5c3a7ac3d6c7fae61dabfb2cc7e5130b101de16e24c21f8af699ed

SHA512
18609f97392ad359ea609a92df461d4c64d5983bacf0a6ab3bec370befe1a902c02f94c5fdd03458ae34df532c28f26146ea06fd43e0cc9686fd42f63ceb196c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe

Filesize
468KB

MD5
db162dab24a50b90417b33a857e109e4

SHA1
9d5c52a8213840cde06c346d4087977fbc9fa8a3

SHA256
dfe8cd924a63bcf6485ca432c445e38d023056ee5883ef17b1176d1efce104f2

SHA512
9a65f179ad665e334ee6bddd8b3c54888d60a7488d51e46889f2d91b97685e1234217cc904eebd93a0d20ec945499ba83262abae014a193932bc8dd0d31553df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe

Filesize
468KB

MD5
f90d9146c51cbb592678135d77262ca8

SHA1
f2ea8f9fadeedf10e8ae3a660af508c3f7175d24

SHA256
047bfb93a4b5d5142acb5a59c25133440890eb16aad3316df3a6f8d70c6c3c72

SHA512
9bc60dc06570f37677935c574d3433c1f9fa68b08f16be8735b39811829c374b5867a4c8abad21c843ce02e9e3cdeb6e3f61161ddaae937c91428438247d6171

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe

Filesize
468KB

MD5
0ee47aa34129d7efcc3bc73fd56753f6

SHA1
0e8e49eddf48e84523bcf431925d8db9dbfe65b7

SHA256
ce63ad110f9aac0ee2f2cddce58e3779a7b780ff84a5a3df8147e24371aa7806

SHA512
604c771512ba9bf89410f862327a8decac1c5ccbe4f7e33d93df8962ba12cd5057eaf9e6ac2f218f310de698f405e589ee9d10ac63d70abb0dc0439c68caef5c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19025.exe

Filesize
468KB

MD5
31924ab73b8bfc14493a9b84fce29c3c

SHA1
b612e21c2ee411473d86d9727d56d00342763438

SHA256
1e9a82506a155334123c8abbbed65fdce96e5d43fca6a987343b3eaa7a6991da

SHA512
4d32def58047e3f0180f281b4f351fcf854124ead09e0d2bc3a46f9535019c0ba96b915ccd8bfd666d37013dd41d7a7b006f448b56022b4a58292097103891ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe

Filesize
468KB

MD5
c0447e232bb669973a0d734214046535

SHA1
1f08ebc85e94f575381b8fc4a5cdd97337be3f41

SHA256
a5d5126a45f5836710d00bc8dea97db23ca81a7467ef56c856cff2de49d4e9f4

SHA512
2d56470ca04fac193468ef5ffd2b622dabf69afffb7dbc725364669d3349fbcd667a0c55a76ee4566748b977b2b5c79b237bc6c711add4d660d902277f857ccf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe

Filesize
468KB

MD5
bf5ab800ea462a6c8ebda00ee0b58e51

SHA1
13254e53b690b0a0015489b05a4a91320badd15c

SHA256
6ce9ea127f46aa6f4f9d94abf77366fc34f87b1bc61440b68953e1cf1a454318

SHA512
ce39d6b72dd2a648f41617b5bdbe14f64bf9a19f4876ca7b88a557961799111fc246419733c2d4576de85df0889581baab1f7696fa2a88f8e1fa1d24c52c6225

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe

Filesize
468KB

MD5
5e0235392e8322736e4a9c67553b0c17

SHA1
b90e529638e5890e2f72b1c1a452670d13b1f5bd

SHA256
ed63d65f59ee2f5f0ed6729ea525b171dfa5c8db4074e7657471ee64d0e4f566

SHA512
90028417d5bb75a09c9748406deb716b89757b9975c186702acad0a5f9f763e3c02e7887a5a280e5db0dd0285ebad6fdbc870d0ca6a923896b2ce2d301cbb7e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe

Filesize
468KB

MD5
0323591f097c1a01b164fb74204e2ad0

SHA1
6eed683dd7ca854c7d1ada157112ca6365489d28

SHA256
998f90943a902edeb6975e956ae4b21b8eaf39d5e9cc77898681468697d87d65

SHA512
74e2896c55557f02735ea14be244d44a8dd371a2b0057d0328a6e41ddc25ca0f456fb4d855a09dd0a9c406282daee4a4a381d6e7bf7fb230b2bc425eaa8d1a99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe

Filesize
468KB

MD5
86348a445ad41b987ebb1b8b0378cc54

SHA1
cb3afa2ac7ab7408653d93b1586bef48f77d3900

SHA256
81db584ada8169d5bc14b4b0b6b044461c23f83a92bec1b0a27ad06431d1f1b4

SHA512
4c47cd69743c484db1e87480cf14e008257690769edee48ffb9e5b9e75925477ef91abc2449a7a0fbb938db46f6731a46aebe654a628bfb7a9bc2a4e8bb5c1da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe

Filesize
468KB

MD5
5ab9dc58227d1e00ccf0dc8dbe93a275

SHA1
5a4e44980703ac143643e50c960896ee74b03313

SHA256
f6119dd1b9361763165add68f73d1e193a2894548b252ad73f583d909d95354d

SHA512
d15ba8fa1ca4a8547e63b8caa83d1fc5aee76d177e378cd8c98c345ce16daf7d6e27354eb2fef8024aa569bb426d047844cd07c07454b5cbd313504e8959b686

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe

Filesize
468KB

MD5
d134b769980ac6e38f7d832398100697

SHA1
2afd1949bede944f077441a44e609b5d321e17de

SHA256
eb1f4fc853addcfe46ae41932bb9178a92cb06e88489baf2f62d7d4bf8864f5c

SHA512
a7294966a1d5ed15f7d3d4d78f9eb32103c1257270c655393308186130469d7342677e46fe9b87b16d6837ee42def7bc2969811c3ccb096cb8859cd5a709cec3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe

Filesize
468KB

MD5
77edbc126440d0c3d7d9d85c6c56e2db

SHA1
a23ba228ec16559c07f0393dd86ad7a5348222fe

SHA256
e812397668c6347d13bf146e3d01cf529c6a039c51061c6c4b5593db96ebe7bf

SHA512
3d3929055f0d014b8a4b469a60aa0a84bfd434cbc2298b41f48258130949f3262420566edf902df4e669aca6f490b685df481112af07523867137d81fc5a5695

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe

Filesize
468KB

MD5
2fb294d343702f1a6e1b45ccea0dc69b

SHA1
1d01f0ff6237b446016c2689daa54d6ea23d33c8

SHA256
5f1581da1fe2808848f5ebc3f11e0a493e3a650a530261cc8c2388c068d1a4f4

SHA512
fe2a7a5ba668cc6dc131a2715821bc39e0f9616b2f5da192ab7c17d49d6336df7aa363e5f562c3f9fdfafff7932b388f3f74e210f901766e954e2731e332f801

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64323.exe

Filesize
468KB

MD5
e8833740acdc62ca3d98f37532bc650e

SHA1
04a2ed5cbedcd27dc8de04fdc1d6d58d66aca82c

SHA256
9d89ffc4e461e8401bbca0e05632845c69e126ad6ac598f3dd5dbcfcb6911ff2

SHA512
9285b5004ef779d32b2562f0d9c09f1b666a0b230096972dc59a6d76c84488617d1810de02e48229b95d6f8b290a259c3dbbf7174cdce4da924982ff34bf0705

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6570.exe

Filesize
468KB

MD5
45e479482079f80c59679c81eb16fca4

SHA1
b28a228873001b4e66d8ddcc4239a3914ae5d008

SHA256
43ec03ad2cad0dc29c22a851edfff119dac9625a28bf15625977ed0bcfc7f25b

SHA512
ead041ed179e67052d4e4cc7f515e3a425975e269e458430ac2dc0bc857331aaf17222f99cf3c4cfdd97f950759bff3f75aa2ba898f95c383fa18c2a3ac84c93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe

Filesize
468KB

MD5
288a0da5f856b229382f1c1e0905d2ea

SHA1
670e43ba4c0b99a40c8fef7c76b5a07e672cb1d2

SHA256
3f98e3b247bcbae17656e5c1e57869716f372f35e1f7d51408a5dbe8a2e5dd4b

SHA512
9a657ef9ec7e4a5ade29a840a49cdb67df15aa1125eb37b1b294a4c438e4066efb5e0fe9cf54c3388ae0d9694b7223a0f76aec448a855b93f6de2fc3c3478a2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe

Filesize
468KB

MD5
ad3d544f0ff6b5e38469388d5c52db8c

SHA1
cd1cd5fc02b9bea64a54ff9d3adbe9fcf74f0e72

SHA256
5f29c83cab9f4020eac3d182716711b1da447cd99bf1cf2ea33df886da68c5cc

SHA512
32fb8a40f912ca62c55279c1c275c5b6eb499a9ceac8228e19abf55a7f3083ee3607ea3cc1a26412f6d363163d2ded1d01da1410e3a408def453e0d5ba4edb80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe

Filesize
468KB

MD5
56844812e010491fa8e9884e15531df3

SHA1
a8dcaad485e2a136fabc422d66dbdf8e9e9dcd44

SHA256
9f74b8e2f1754dacde52401bf18bd3793e08f38f0239ca486867ba002700c8c1

SHA512
7aa0ad9c17810d3af7c3e8f157fc789497e2bf230c18534f917e72da3158f8f89ae412f3025be82a7b9f9bb1b8f026e33b8ad44c27a198a4163b369997fc95d4

Download Submit