8e0c078e8956bdeee0adc3c88b89f7311a597f1c95856b7c5ac502962800e328

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac39fc7b58bd44b9873fef69126327f0N.exe
Size

468KB
MD5

ac39fc7b58bd44b9873fef69126327f0
SHA1

d0c71b31a4f2161eb39df75f2d8ed7333345acb0
SHA256

8e0c078e8956bdeee0adc3c88b89f7311a597f1c95856b7c5ac502962800e328
SHA512

a3c9e95749599f1a9347a550b650cbbdfc17141e9aa503195bbf3e0198f5b65407124eb8cb0ceb603a88a2068fedd9505a2a23fb0464a166ebea0f2e4fbea5c7
SSDEEP

3072:EYgtogIyb45BtbYdPzqjQf8/ECObZnpsnmHhQEhb67sMMPlHHdEN:EYqok4BtSP+jQfhphL67VGlHH

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2904	Unicorn-57309.exe
2444	Unicorn-24838.exe
1528	Unicorn-3863.exe
2880	Unicorn-25068.exe
2892	Unicorn-64063.exe
1852	Unicorn-31199.exe
1660	Unicorn-21613.exe
2668	Unicorn-32730.exe
2652	Unicorn-7768.exe
2924	Unicorn-39938.exe
2192	Unicorn-53321.exe
560	Unicorn-65018.exe
1580	Unicorn-63601.exe
948	Unicorn-17930.exe
2864	Unicorn-19775.exe
1556	Unicorn-55968.exe
3008	Unicorn-13975.exe
632	Unicorn-59647.exe
2228	Unicorn-29549.exe
2320	Unicorn-29025.exe
3012	Unicorn-4172.exe
816	Unicorn-15870.exe
2132	Unicorn-15678.exe
684	Unicorn-17715.exe
1940	Unicorn-50964.exe
2148	Unicorn-57094.exe
1644	Unicorn-57094.exe
944	Unicorn-57094.exe
1796	Unicorn-31173.exe
756	Unicorn-36076.exe
912	Unicorn-35884.exe
864	Unicorn-36695.exe
2096	Unicorn-5868.exe
3024	Unicorn-12875.exe
1736	Unicorn-15485.exe
1600	Unicorn-60924.exe
2976	Unicorn-60924.exe
2348	Unicorn-19050.exe
2336	Unicorn-13450.exe
900	Unicorn-22580.exe
2372	Unicorn-26581.exe
2872	Unicorn-47643.exe
2728	Unicorn-25355.exe
2596	Unicorn-4956.exe
2804	Unicorn-11972.exe
2764	Unicorn-57644.exe
2220	Unicorn-32947.exe
1028	Unicorn-37354.exe
2044	Unicorn-37354.exe
2964	Unicorn-43633.exe
2936	Unicorn-29599.exe
2028	Unicorn-43706.exe
2308	Unicorn-59856.exe
1972	Unicorn-51298.exe
2088	Unicorn-51298.exe
2784	Unicorn-43130.exe
1516	Unicorn-64489.exe
400	Unicorn-45169.exe
2064	Unicorn-18107.exe
1956	Unicorn-63778.exe
1372	Unicorn-19568.exe
2484	Unicorn-9170.exe
1952	Unicorn-17374.exe
1104	Unicorn-37240.exe

Loads dropped DLL 64 IoCs

pid	Process
1976	ac39fc7b58bd44b9873fef69126327f0N.exe
1976	ac39fc7b58bd44b9873fef69126327f0N.exe
1976	ac39fc7b58bd44b9873fef69126327f0N.exe
2904	Unicorn-57309.exe
1976	ac39fc7b58bd44b9873fef69126327f0N.exe
2904	Unicorn-57309.exe
2444	Unicorn-24838.exe
1976	ac39fc7b58bd44b9873fef69126327f0N.exe
1976	ac39fc7b58bd44b9873fef69126327f0N.exe
1528	Unicorn-3863.exe
2444	Unicorn-24838.exe
1528	Unicorn-3863.exe
2904	Unicorn-57309.exe
2904	Unicorn-57309.exe
2880	Unicorn-25068.exe
1976	ac39fc7b58bd44b9873fef69126327f0N.exe
1976	ac39fc7b58bd44b9873fef69126327f0N.exe
2880	Unicorn-25068.exe
1852	Unicorn-31199.exe
1852	Unicorn-31199.exe
1528	Unicorn-3863.exe
1528	Unicorn-3863.exe
2892	Unicorn-64063.exe
2892	Unicorn-64063.exe
1660	Unicorn-21613.exe
2444	Unicorn-24838.exe
2904	Unicorn-57309.exe
1660	Unicorn-21613.exe
2444	Unicorn-24838.exe
2904	Unicorn-57309.exe
2668	Unicorn-32730.exe
2668	Unicorn-32730.exe
2652	Unicorn-7768.exe
2652	Unicorn-7768.exe
2880	Unicorn-25068.exe
2880	Unicorn-25068.exe
1976	ac39fc7b58bd44b9873fef69126327f0N.exe
1976	ac39fc7b58bd44b9873fef69126327f0N.exe
560	Unicorn-65018.exe
560	Unicorn-65018.exe
1580	Unicorn-63601.exe
2892	Unicorn-64063.exe
2892	Unicorn-64063.exe
1580	Unicorn-63601.exe
2192	Unicorn-53321.exe
2192	Unicorn-53321.exe
2444	Unicorn-24838.exe
2444	Unicorn-24838.exe
1528	Unicorn-3863.exe
2924	Unicorn-39938.exe
1528	Unicorn-3863.exe
948	Unicorn-17930.exe
948	Unicorn-17930.exe
2864	Unicorn-19775.exe
2864	Unicorn-19775.exe
2924	Unicorn-39938.exe
2904	Unicorn-57309.exe
2904	Unicorn-57309.exe
1852	Unicorn-31199.exe
1852	Unicorn-31199.exe
1660	Unicorn-21613.exe
1660	Unicorn-21613.exe
632	Unicorn-59647.exe
632	Unicorn-59647.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64145.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1976	ac39fc7b58bd44b9873fef69126327f0N.exe
2904	Unicorn-57309.exe
2444	Unicorn-24838.exe
1528	Unicorn-3863.exe
2880	Unicorn-25068.exe
2892	Unicorn-64063.exe
1852	Unicorn-31199.exe
1660	Unicorn-21613.exe
2652	Unicorn-7768.exe
2668	Unicorn-32730.exe
2924	Unicorn-39938.exe
560	Unicorn-65018.exe
1580	Unicorn-63601.exe
2864	Unicorn-19775.exe
2192	Unicorn-53321.exe
948	Unicorn-17930.exe
1556	Unicorn-55968.exe
2228	Unicorn-29549.exe
632	Unicorn-59647.exe
3008	Unicorn-13975.exe
2320	Unicorn-29025.exe
3012	Unicorn-4172.exe
816	Unicorn-15870.exe
2132	Unicorn-15678.exe
684	Unicorn-17715.exe
944	Unicorn-57094.exe
1644	Unicorn-57094.exe
2148	Unicorn-57094.exe
1940	Unicorn-50964.exe
1796	Unicorn-31173.exe
756	Unicorn-36076.exe
912	Unicorn-35884.exe
864	Unicorn-36695.exe
2096	Unicorn-5868.exe
3024	Unicorn-12875.exe
1600	Unicorn-60924.exe
1736	Unicorn-15485.exe
2976	Unicorn-60924.exe
2336	Unicorn-13450.exe
2348	Unicorn-19050.exe
900	Unicorn-22580.exe
2372	Unicorn-26581.exe
2872	Unicorn-47643.exe
2728	Unicorn-25355.exe
2596	Unicorn-4956.exe
2804	Unicorn-11972.exe
2764	Unicorn-57644.exe
2220	Unicorn-32947.exe
1028	Unicorn-37354.exe
2044	Unicorn-37354.exe
2964	Unicorn-43633.exe
2028	Unicorn-43706.exe
2936	Unicorn-29599.exe
2308	Unicorn-59856.exe
2784	Unicorn-43130.exe
1972	Unicorn-51298.exe
2088	Unicorn-51298.exe
400	Unicorn-45169.exe
1516	Unicorn-64489.exe
1372	Unicorn-19568.exe
2064	Unicorn-18107.exe
1956	Unicorn-63778.exe
2484	Unicorn-9170.exe
1952	Unicorn-17374.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2904	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	29
PID 1976 wrote to memory of 2904	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	29
PID 1976 wrote to memory of 2904	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	29
PID 1976 wrote to memory of 2904	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	29
PID 1976 wrote to memory of 2444	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	31
PID 1976 wrote to memory of 2444	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	31
PID 1976 wrote to memory of 2444	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	31
PID 1976 wrote to memory of 2444	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	31
PID 2904 wrote to memory of 1528	2904	Unicorn-57309.exe	30
PID 2904 wrote to memory of 1528	2904	Unicorn-57309.exe	30
PID 2904 wrote to memory of 1528	2904	Unicorn-57309.exe	30
PID 2904 wrote to memory of 1528	2904	Unicorn-57309.exe	30
PID 1976 wrote to memory of 2880	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	33
PID 1976 wrote to memory of 2880	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	33
PID 1976 wrote to memory of 2880	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	33
PID 1976 wrote to memory of 2880	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	33
PID 2444 wrote to memory of 2892	2444	Unicorn-24838.exe	32
PID 2444 wrote to memory of 2892	2444	Unicorn-24838.exe	32
PID 2444 wrote to memory of 2892	2444	Unicorn-24838.exe	32
PID 2444 wrote to memory of 2892	2444	Unicorn-24838.exe	32
PID 1528 wrote to memory of 1852	1528	Unicorn-3863.exe	34
PID 1528 wrote to memory of 1852	1528	Unicorn-3863.exe	34
PID 1528 wrote to memory of 1852	1528	Unicorn-3863.exe	34
PID 1528 wrote to memory of 1852	1528	Unicorn-3863.exe	34
PID 2904 wrote to memory of 1660	2904	Unicorn-57309.exe	35
PID 2904 wrote to memory of 1660	2904	Unicorn-57309.exe	35
PID 2904 wrote to memory of 1660	2904	Unicorn-57309.exe	35
PID 2904 wrote to memory of 1660	2904	Unicorn-57309.exe	35
PID 1976 wrote to memory of 2652	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	37
PID 1976 wrote to memory of 2652	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	37
PID 1976 wrote to memory of 2652	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	37
PID 1976 wrote to memory of 2652	1976	ac39fc7b58bd44b9873fef69126327f0N.exe	37
PID 2880 wrote to memory of 2668	2880	Unicorn-25068.exe	36
PID 2880 wrote to memory of 2668	2880	Unicorn-25068.exe	36
PID 2880 wrote to memory of 2668	2880	Unicorn-25068.exe	36
PID 2880 wrote to memory of 2668	2880	Unicorn-25068.exe	36
PID 1852 wrote to memory of 2924	1852	Unicorn-31199.exe	38
PID 1852 wrote to memory of 2924	1852	Unicorn-31199.exe	38
PID 1852 wrote to memory of 2924	1852	Unicorn-31199.exe	38
PID 1852 wrote to memory of 2924	1852	Unicorn-31199.exe	38
PID 1528 wrote to memory of 2192	1528	Unicorn-3863.exe	39
PID 1528 wrote to memory of 2192	1528	Unicorn-3863.exe	39
PID 1528 wrote to memory of 2192	1528	Unicorn-3863.exe	39
PID 1528 wrote to memory of 2192	1528	Unicorn-3863.exe	39
PID 2892 wrote to memory of 560	2892	Unicorn-64063.exe	40
PID 2892 wrote to memory of 560	2892	Unicorn-64063.exe	40
PID 2892 wrote to memory of 560	2892	Unicorn-64063.exe	40
PID 2892 wrote to memory of 560	2892	Unicorn-64063.exe	40
PID 1660 wrote to memory of 948	1660	Unicorn-21613.exe	41
PID 1660 wrote to memory of 948	1660	Unicorn-21613.exe	41
PID 1660 wrote to memory of 948	1660	Unicorn-21613.exe	41
PID 1660 wrote to memory of 948	1660	Unicorn-21613.exe	41
PID 2444 wrote to memory of 1580	2444	Unicorn-24838.exe	42
PID 2444 wrote to memory of 1580	2444	Unicorn-24838.exe	42
PID 2444 wrote to memory of 1580	2444	Unicorn-24838.exe	42
PID 2444 wrote to memory of 1580	2444	Unicorn-24838.exe	42
PID 2904 wrote to memory of 2864	2904	Unicorn-57309.exe	43
PID 2904 wrote to memory of 2864	2904	Unicorn-57309.exe	43
PID 2904 wrote to memory of 2864	2904	Unicorn-57309.exe	43
PID 2904 wrote to memory of 2864	2904	Unicorn-57309.exe	43
PID 2668 wrote to memory of 1556	2668	Unicorn-32730.exe	44
PID 2668 wrote to memory of 1556	2668	Unicorn-32730.exe	44
PID 2668 wrote to memory of 1556	2668	Unicorn-32730.exe	44
PID 2668 wrote to memory of 1556	2668	Unicorn-32730.exe	44

C:\Users\Admin\AppData\Local\Temp\ac39fc7b58bd44b9873fef69126327f0N.exe
"C:\Users\Admin\AppData\Local\Temp\ac39fc7b58bd44b9873fef69126327f0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1241.exe
        8⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        8⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5662.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
        7⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        6⤵
        
        PID:676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        6⤵
        
        PID:612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
        6⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        6⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37354.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe
        7⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31769.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
        7⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45632.exe
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        7⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        6⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        7⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37251.exe
        7⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        6⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
        6⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        6⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65349.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        6⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        6⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        5⤵
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24891.exe
        5⤵
        
        PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15678.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        7⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65402.exe
        7⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22844.exe
        6⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        6⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
        6⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63778.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        5⤵
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41795.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50964.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32391.exe
        6⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        5⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
        5⤵
        
        PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        5⤵
        
        PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        5⤵
        
        PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
      4⤵
      PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
      4⤵
      PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
      4⤵
      PID:4772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        6⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        7⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        6⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33246.exe
        6⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12050.exe
        6⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31463.exe
        5⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20187.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
        6⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        6⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        5⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
        5⤵
        
        PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57882.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24703.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        6⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19568.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
        5⤵
        
        PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39238.exe
      4⤵
      PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
      4⤵
      PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1162.exe
      4⤵
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
      4⤵
      PID:4924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        6⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32562.exe
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
        7⤵
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        6⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        6⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
        5⤵
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12343.exe
        5⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        5⤵
        
        PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
        5⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
        5⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        5⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        5⤵
        
        PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
      4⤵
      PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
      4⤵
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
      4⤵
      PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
      4⤵
      PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43706.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        5⤵
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33246.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        5⤵
        
        PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
        5⤵
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27567.exe
        5⤵
        
        PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
      4⤵
      PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7461.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59856.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
      4⤵
      PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
      4⤵
      PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
      4⤵
      PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
      4⤵
      PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12050.exe
      4⤵
      PID:4684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
    3⤵
    PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
    3⤵
    PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe
    3⤵
    PID:3684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
    3⤵
    PID:3384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6450.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9170.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20601.exe
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51797.exe
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
        7⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        7⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
        7⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55265.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        7⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        6⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        6⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45800.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
        6⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45644.exe
        6⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6590.exe
        5⤵
        
        PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        5⤵
        
        PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
        5⤵
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30226.exe
        5⤵
        
        PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37240.exe
        6⤵
        Executes dropped EXE
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28548.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        7⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        7⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
        6⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13918.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63326.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        6⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
        5⤵
        
        PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33450.exe
        5⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4620.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22433.exe
        5⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
        5⤵
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        5⤵
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        5⤵
        
        PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
      4⤵
      PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
      4⤵
      PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
      4⤵
      PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
      4⤵
      PID:4316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15870.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65434.exe
        6⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        6⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
        6⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12050.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12343.exe
        5⤵
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
        5⤵
        
        PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32947.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48883.exe
        5⤵
        
        PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29821.exe
        5⤵
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
        5⤵
        
        PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
      4⤵
      PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
      4⤵
      PID:1360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7409.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
      4⤵
      PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
      4⤵
      PID:1924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37354.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        5⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        5⤵
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
        5⤵
        
        PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13882.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
      4⤵
      PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5368.exe
      4⤵
      PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43633.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
      4⤵
      PID:4816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14947.exe
    3⤵
    PID:2660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
    3⤵
    PID:3816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
    3⤵
    PID:3304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
        6⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
        6⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22584.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
        6⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
        5⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        5⤵
        
        PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
        5⤵
        
        PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        5⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        5⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22584.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41016.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        5⤵
        
        PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
      4⤵
      PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
      4⤵
      PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
      4⤵
      PID:4432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36695.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
        5⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
        6⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35088.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54027.exe
        6⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        5⤵
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15532.exe
      4⤵
      PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
      4⤵
      PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54515.exe
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe
      4⤵
      PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41795.exe
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36396.exe
      4⤵
      PID:4880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
      4⤵
      PID:532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
      4⤵
      PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7935.exe
      4⤵
      PID:4936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25263.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
    3⤵
    PID:848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
    3⤵
    PID:3768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29268.exe
    3⤵
    PID:4948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13975.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        5⤵
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        5⤵
        
        PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
        5⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
        5⤵
        
        PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5662.exe
      4⤵
      PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12343.exe
      4⤵
      PID:784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22194.exe
      4⤵
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35992.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12050.exe
      4⤵
      PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55857.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
      4⤵
      PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15753.exe
      4⤵
      PID:4336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
    3⤵
    PID:1272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
    3⤵
    PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54562.exe
    3⤵
    PID:3628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
    3⤵
    PID:3480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
    3⤵
    PID:4216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
      4⤵
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        5⤵
        
        PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
      4⤵
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41016.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
      4⤵
      PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
    3⤵
    PID:1476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
    3⤵
    PID:2900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
    3⤵
    PID:3356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
    3⤵
    PID:3512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
    3⤵
    PID:4612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
    3⤵
    PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27380.exe
    3⤵
    PID:2060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21824.exe
    3⤵
    PID:4148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
    3⤵
    PID:4284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
  2⤵
  PID:2176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54079.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54079.exe
  2⤵
  PID:1036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
  2⤵
  PID:3920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
  2⤵
  PID:3516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe

Filesize
468KB

MD5
54a8ea91083d1ad6603dd25d711372ec

SHA1
6aca5d281935069dbac793e22551ba050bda8f8a

SHA256
8f396822f3191eeb1871f1e1075abbd739b0ca2eba914990b31d83e0979d470c

SHA512
313020a60244ecd3f4b4024b779fe8537bd545855ada8f28da258ee322609d4fd159fe9e75091153c16cbe514f6a08621048bbe79b555ee55f7159d388a45858

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe

Filesize
468KB

MD5
651cf54ca541ff01490cc26324a4ab6f

SHA1
90cd77fb1040e5b92dcdfd8a6977f4ec4462232b

SHA256
71be5b5d43029768d1dffcf31fee82d69bad2218be80d0f3b3114d5a123899db

SHA512
c0871b83f61bd9ec03abef30cb7ff0932d99bcc85b6dac62b3eec82ff65d46d7a811bbe3b2ccd7d57c599a4e6891870d879c59492570393a7440fb7aaf3ffd77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe

Filesize
468KB

MD5
ac8a506428395a38013e700ae81515f1

SHA1
413de6dd3994ed5e956a80558618a49568c514f2

SHA256
44b73a27eb66a85dc7561ed40d2cd7d714d94ec63ed01d6038b22a6861cf7b27

SHA512
2ee0ec071558890d387c393e3bb5253ccfab3aba994d5ad522ba841da8211dc045f74b0ca0dc88d2668a6c0c2c10131db86ec7d1236a22c14feee2c399b143de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe

Filesize
468KB

MD5
1d11812d86c0098a086089578c66af71

SHA1
b4d94066f34dd797066e1c3cb575131d2f92ef3e

SHA256
bd9fe20b8e988a75cf70809c926ec1f8a5fac3225be4aa5460ae81e70083b35c

SHA512
618a6f83036c09602710095a3b4792e0b1c35ada66a079aac5fe0b42f1e82ff7e8c314c126dc862b99d1d2ee9df47aa173a4b6eaf51e5f594825c7369ca7df8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe

Filesize
468KB

MD5
b6eb5b9dba6294c78c9e8814d35c20bc

SHA1
74295d1138695fc941db72289f70ce7e857c066b

SHA256
c47ad83eb81453019fb2b406a36c06108ead4a50cfcb269a95ac653c6eb4710b

SHA512
211000277d566dc010efb3b9549d6ad4aa1a562edc8acf28b2deb0680ff94b53dac5c69d1e7d9010f663ab38934ffdab830335bf48b865c8c99e6433d8cb1745

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe

Filesize
468KB

MD5
6b33d84d304cdebd1673d961cdcbe3a6

SHA1
f4c54139cf428b6cb38dfd6ce3c2628e054e7d06

SHA256
0120febc766a72fa3af4522bf02e3d63dfed47a3c2f20fcfbc45bbf027839a9b

SHA512
a61c0d89a51bb46dad5f200bfe83363f996c3d3973b61b47139253be8ad0b2f74ca7cec0638b4a0d61c5f3b2f54b47b2958bc62722cb7b0b92dc670b5823ef0d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13975.exe

Filesize
468KB

MD5
5e0fa5cf10d8eecc625f4e1799a192f1

SHA1
7c5fe4f0b37a29d3fbd0f6c8259ebaa26ed571c1

SHA256
525c73d6e314ff3eae7ee27694052a0832d0986441fbe9b2f701a23baa543afb

SHA512
8641f3e181d0ea8e10242b3c74ec9e70d45c7e9adc6ef4ee34ef2c3ffd049753e07040876ede3b701e4b4721d1623c1637373f9c8613d6e6df3c73c10f077084

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe

Filesize
468KB

MD5
e70e7d88debedc0d2b6d93c8804cee00

SHA1
96cc3b9a99dc6327632a715948446287ab0d6feb

SHA256
72bd3124a240b98d14c7cb7e6f27115c993627f9eccf013d8d3b30e4fa7e0468

SHA512
fc6be06ebf61b7f8768a09d4843cddd61babcef5af0b302f23d678f2df6a5d0477a515a01fdc635179274cf377f7bdefa465123880d85ef5261a95f3efb8d0b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe

Filesize
468KB

MD5
8c169d86aaa7b55aa6fb9817b6e205a0

SHA1
ee589fc6436f4dd8bf4dd2827f1433bdadbd07b8

SHA256
7528d5ff10bdba5d4a8366ef1fcbc2b828311ad2e89ea9c1cec1502cfbfe0d21

SHA512
6eef21dd183973185ca71a4c619ea279e881378f58604acaad0606e4ee076dc5818d7bf38ff17340f2254ad0b6f91d658aa6ed6f117e091ca134c5fcaa48df0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe

Filesize
468KB

MD5
60eb030579dc1e68f2b97bbadf50f287

SHA1
30a5952e6f6c6c07cf0e97cd79aee91152d4a2a0

SHA256
65e84b9522b71816504f162ab42ca9661bb3694ed16eb79074e9bd7b24efb43c

SHA512
b279931f230508f1dbbf5507c78cd2f405dad1dbfc3e81fc5da5d9a3933e2828ea0a6230fc792311d006e366b16cce036452071e03717e304f937df548bd8e3a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe

Filesize
468KB

MD5
88d56fc300123111229104852d72a701

SHA1
694bb500339a048046067945ad479987ab738ac1

SHA256
3dd5fc4cad615640f2886cbd4183142fc9569a9842bd62372490f70f2c7aa977

SHA512
671587990365dd131932a65628310219e2fe20852e186f408ffc08e470835979e8e428567e84518b9fb6f8d615f23a6b30a68a2778ba88f33cb08ebdadbff7ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe

Filesize
468KB

MD5
9978b4f1653c1a49856fb89c0b700b10

SHA1
37ed4b025bceea71a13daa7704ca2bdb52304be8

SHA256
52e4f99062a968800df40ad52708bd366a36ab428150d81b2477af445e4cd15d

SHA512
69574514a8755bcbed4ed68da7b2c903dcadcdfda952fd0d7c8d20ca49b0bc479b8d27557bd7766f99b6d19592588a4c2551008747461ef364e8808e7823fd5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe

Filesize
468KB

MD5
60c425aec1cb6a8a1a2ebbcdc1b1cd14

SHA1
139cf78642e901de6a558b8042aae30620735e33

SHA256
c7f06c3903591c5e158314c41d0a737ec771b054f35fefc53d06e6c500db65fa

SHA512
25b249d7b7ca8f18ef5be90a470495ab304eac9e6c77c623df692de686399803a4cc0cc619bbbba1fd8296ca3d59ae687631a85647e486327220d0b70bdaf146

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe

Filesize
468KB

MD5
696e81d8a62efe4e4e4b091927e8a67d

SHA1
806df838d32dac19adbeb3a80aa7ba812e6c2fbe

SHA256
87043bb45f36f3afa8ee6da39d0384ae9a63b59f2b90d1fa09f52213afcba6f6

SHA512
a8ac2e5ed0cc608b51365b18c8f46738f775a90169d5bea8c6743b1b28137bf6694a7071c761b84202bdf3bc3d8bbe61f69af59d43ba65ebbed0fe9e47fec9e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe

Filesize
468KB

MD5
cc80b89038ecdac8b695973647a11f0b

SHA1
9c2b6d3dbe261fdc738df0210e307e278f74eaff

SHA256
7262bce5281a780562d0f416c964d3f167f5d5574966a5ccbd4a055a735599b6

SHA512
fb6db4327628d841bfb052590e558cf92d811e203fde960b78f952c01db7fe9b86ad61ada5e94733a998855a0898779f4e49d1f8cf5f2c8785d880dafdf81a21

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe

Filesize
468KB

MD5
13df76dbfe35460765175150409aefd1

SHA1
ff683e6397322aeb5935657000149417e42c6280

SHA256
f6c8465697e0c8855dea21f0aa2fb1876afe363a024c4a3b43583b3d7a1eb277

SHA512
05f03e4ae529e6ecfca7e154e34d63405a0fb4a9b5375b5e99b66fa7ae75b05fd23e0aa5e9844a9021158b2415f9b810b6cdb3083709e1f8e0a5ecb41c9d6b8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe

Filesize
468KB

MD5
9de27d5963d0618ba3710ee559726875

SHA1
2ee869affd557e22096ea4cf22c6be073c1d4ccf

SHA256
60276095727b2ad4c68c1986319e47dca306dd3b612391263bc816b49421f844

SHA512
f073bb57c3c4ff09f851db69df922af736575c61fff67516672c5a0b76a749fdbd93c66187296a3e0fba4aca633d632adcb634cdf27876028cfb13716640861a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe

Filesize
468KB

MD5
86d525e046f91fd1e80c04c65a56b9fe

SHA1
5cb4c0f97673d7cde47ed167fefebca59c236277

SHA256
a9a7c710c9339e14b861fae7028c0d63c31fffb1ac17bd1887e630301d85b190

SHA512
5f90ef9041d4fb2c8e08c62e5bb9d39652a0e63059721e1f381d296c5c980d2510233c5d854ff484a6564618691e7e3961f28ac938ccfa31fb7fbaebcf48b570

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe

Filesize
468KB

MD5
5c7fcf40256254a485e62a863170bd5e

SHA1
2591ffd069332d3a0713e40f06c49d0424c0e223

SHA256
897e211d8379e1d004d85526dbd3b07ecc0f8962434a8ed2709735b4725fc628

SHA512
cf27e72ea4db39ff72317bb9c4716744b2a24b06ac82083433c34a0e136862ab32774f679cecc1d60b73419e148d1d99b2074b31fe2fa399feecc64b75e5df62

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe

Filesize
468KB

MD5
2ea669ad9181d9933a57129fd2a6b133

SHA1
80c79ac03202014e21d6c5284acc9efe64c53375

SHA256
30fd0f8ef4760607711dfecc08f1372f08fad4b5a7770fdc67068e8a1d2f61a7

SHA512
693ee88c68e46fb0ad733a415df8e8f7a58f7d0681b64a00b2673b7add287ad10a817e83d1c0d3973441bdbd5e9577da581e6947248006e16b8f8c14b2b65a3d

Download Submit