9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552

Analysis

max time kernel
148s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 00:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe
Size

468KB
MD5

3b41abee8b3e117e6be3e654d29a667f
SHA1

65a21065e473b86ff6841737f40f9774a43f2e96
SHA256

9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552
SHA512

09e8cefdf6cd956dc3c8d58f38d90400d4840d46c0398b6795a8b941e7002786ef34487940d9926bdf625d8e02d6edb35696534abf284c33be5569efbe8127a5
SSDEEP

3072:ibIeogWCYd5ItbYwPztjof8BPCMvPgpVn0HeGfqEclM8UMKLk9ln:ibBotbItvPJjof+cpccl1NKLk

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3028	Unicorn-19863.exe
2744	Unicorn-27980.exe
2896	Unicorn-43692.exe
2128	Unicorn-39530.exe
2660	Unicorn-339.exe
2752	Unicorn-46494.exe
2700	Unicorn-13358.exe
572	Unicorn-56020.exe
1276	Unicorn-26938.exe
2020	Unicorn-50774.exe
2708	Unicorn-23342.exe
904	Unicorn-43208.exe
1168	Unicorn-13097.exe
936	Unicorn-19228.exe
304	Unicorn-19538.exe
1444	Unicorn-19081.exe
1840	Unicorn-49075.exe
2316	Unicorn-43471.exe
2260	Unicorn-32327.exe
608	Unicorn-36346.exe
2512	Unicorn-38810.exe
2908	Unicorn-25122.exe
1052	Unicorn-34638.exe
556	Unicorn-5796.exe
2448	Unicorn-8027.exe
332	Unicorn-63606.exe
3008	Unicorn-18271.exe
1160	Unicorn-32107.exe
1976	Unicorn-29611.exe
2344	Unicorn-50068.exe
1152	Unicorn-63501.exe
2604	Unicorn-50620.exe
3060	Unicorn-45576.exe
1760	Unicorn-40932.exe
1188	Unicorn-27018.exe
2732	Unicorn-19666.exe
2796	Unicorn-18130.exe
2296	Unicorn-52835.exe
2932	Unicorn-13329.exe
2928	Unicorn-6593.exe
2804	Unicorn-33999.exe
884	Unicorn-3961.exe
2632	Unicorn-10091.exe
512	Unicorn-2603.exe
2040	Unicorn-2603.exe
2184	Unicorn-33085.exe
1708	Unicorn-18612.exe
2060	Unicorn-13968.exe
1956	Unicorn-55474.exe
2004	Unicorn-19973.exe
432	Unicorn-37395.exe
2248	Unicorn-21320.exe
108	Unicorn-38175.exe
2324	Unicorn-32258.exe
2412	Unicorn-19321.exe
2472	Unicorn-5632.exe
2960	Unicorn-21694.exe
696	Unicorn-31210.exe
784	Unicorn-31048.exe
2948	Unicorn-62965.exe
1700	Unicorn-61263.exe
1672	Unicorn-55133.exe
1532	Unicorn-61263.exe
1360	Unicorn-55783.exe

Loads dropped DLL 64 IoCs

pid	Process
2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe
2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe
3028	Unicorn-19863.exe
3028	Unicorn-19863.exe
2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe
2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe
2744	Unicorn-27980.exe
2744	Unicorn-27980.exe
3028	Unicorn-19863.exe
3028	Unicorn-19863.exe
2896	Unicorn-43692.exe
2896	Unicorn-43692.exe
2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe
2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe
2128	Unicorn-39530.exe
2128	Unicorn-39530.exe
2744	Unicorn-27980.exe
2744	Unicorn-27980.exe
2752	Unicorn-46494.exe
2752	Unicorn-46494.exe
2896	Unicorn-43692.exe
2896	Unicorn-43692.exe
3028	Unicorn-19863.exe
2660	Unicorn-339.exe
2660	Unicorn-339.exe
3028	Unicorn-19863.exe
2700	Unicorn-13358.exe
2700	Unicorn-13358.exe
2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe
2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe
572	Unicorn-56020.exe
572	Unicorn-56020.exe
2128	Unicorn-39530.exe
2128	Unicorn-39530.exe
1276	Unicorn-26938.exe
1276	Unicorn-26938.exe
2744	Unicorn-27980.exe
2744	Unicorn-27980.exe
2020	Unicorn-50774.exe
2020	Unicorn-50774.exe
2752	Unicorn-46494.exe
2752	Unicorn-46494.exe
936	Unicorn-19228.exe
936	Unicorn-19228.exe
2700	Unicorn-13358.exe
2700	Unicorn-13358.exe
1168	Unicorn-13097.exe
1168	Unicorn-13097.exe
3028	Unicorn-19863.exe
3028	Unicorn-19863.exe
904	Unicorn-43208.exe
904	Unicorn-43208.exe
2660	Unicorn-339.exe
2660	Unicorn-339.exe
304	Unicorn-19538.exe
304	Unicorn-19538.exe
2708	Unicorn-23342.exe
2708	Unicorn-23342.exe
2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe
2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe
2896	Unicorn-43692.exe
2896	Unicorn-43692.exe
1444	Unicorn-19081.exe
1444	Unicorn-19081.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47029.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-927.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27934.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe
3028	Unicorn-19863.exe
2744	Unicorn-27980.exe
2896	Unicorn-43692.exe
2128	Unicorn-39530.exe
2752	Unicorn-46494.exe
2700	Unicorn-13358.exe
2660	Unicorn-339.exe
572	Unicorn-56020.exe
1276	Unicorn-26938.exe
2020	Unicorn-50774.exe
1168	Unicorn-13097.exe
904	Unicorn-43208.exe
304	Unicorn-19538.exe
936	Unicorn-19228.exe
2708	Unicorn-23342.exe
1444	Unicorn-19081.exe
2316	Unicorn-43471.exe
1840	Unicorn-49075.exe
2260	Unicorn-32327.exe
608	Unicorn-36346.exe
2512	Unicorn-38810.exe
2908	Unicorn-25122.exe
556	Unicorn-5796.exe
1052	Unicorn-34638.exe
2448	Unicorn-8027.exe
332	Unicorn-63606.exe
3008	Unicorn-18271.exe
1160	Unicorn-32107.exe
1976	Unicorn-29611.exe
2344	Unicorn-50068.exe
1152	Unicorn-63501.exe
2604	Unicorn-50620.exe
1760	Unicorn-40932.exe
2732	Unicorn-19666.exe
1188	Unicorn-27018.exe
2796	Unicorn-18130.exe
2296	Unicorn-52835.exe
2928	Unicorn-6593.exe
2932	Unicorn-13329.exe
884	Unicorn-3961.exe
2804	Unicorn-33999.exe
2632	Unicorn-10091.exe
2040	Unicorn-2603.exe
512	Unicorn-2603.exe
2184	Unicorn-33085.exe
1708	Unicorn-18612.exe
2060	Unicorn-13968.exe
2004	Unicorn-19973.exe
1956	Unicorn-55474.exe
432	Unicorn-37395.exe
2248	Unicorn-21320.exe
108	Unicorn-38175.exe
2412	Unicorn-19321.exe
2324	Unicorn-32258.exe
2472	Unicorn-5632.exe
2960	Unicorn-21694.exe
2948	Unicorn-62965.exe
696	Unicorn-31210.exe
784	Unicorn-31048.exe
1700	Unicorn-61263.exe
1672	Unicorn-55133.exe
1532	Unicorn-61263.exe
692	Unicorn-10111.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 3028	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	29
PID 2420 wrote to memory of 3028	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	29
PID 2420 wrote to memory of 3028	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	29
PID 2420 wrote to memory of 3028	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	29
PID 3028 wrote to memory of 2744	3028	Unicorn-19863.exe	30
PID 3028 wrote to memory of 2744	3028	Unicorn-19863.exe	30
PID 3028 wrote to memory of 2744	3028	Unicorn-19863.exe	30
PID 3028 wrote to memory of 2744	3028	Unicorn-19863.exe	30
PID 2420 wrote to memory of 2896	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	31
PID 2420 wrote to memory of 2896	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	31
PID 2420 wrote to memory of 2896	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	31
PID 2420 wrote to memory of 2896	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	31
PID 2744 wrote to memory of 2128	2744	Unicorn-27980.exe	32
PID 2744 wrote to memory of 2128	2744	Unicorn-27980.exe	32
PID 2744 wrote to memory of 2128	2744	Unicorn-27980.exe	32
PID 2744 wrote to memory of 2128	2744	Unicorn-27980.exe	32
PID 3028 wrote to memory of 2660	3028	Unicorn-19863.exe	33
PID 3028 wrote to memory of 2660	3028	Unicorn-19863.exe	33
PID 3028 wrote to memory of 2660	3028	Unicorn-19863.exe	33
PID 3028 wrote to memory of 2660	3028	Unicorn-19863.exe	33
PID 2896 wrote to memory of 2752	2896	Unicorn-43692.exe	34
PID 2896 wrote to memory of 2752	2896	Unicorn-43692.exe	34
PID 2896 wrote to memory of 2752	2896	Unicorn-43692.exe	34
PID 2896 wrote to memory of 2752	2896	Unicorn-43692.exe	34
PID 2420 wrote to memory of 2700	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	35
PID 2420 wrote to memory of 2700	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	35
PID 2420 wrote to memory of 2700	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	35
PID 2420 wrote to memory of 2700	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	35
PID 2128 wrote to memory of 572	2128	Unicorn-39530.exe	36
PID 2128 wrote to memory of 572	2128	Unicorn-39530.exe	36
PID 2128 wrote to memory of 572	2128	Unicorn-39530.exe	36
PID 2128 wrote to memory of 572	2128	Unicorn-39530.exe	36
PID 2744 wrote to memory of 1276	2744	Unicorn-27980.exe	37
PID 2744 wrote to memory of 1276	2744	Unicorn-27980.exe	37
PID 2744 wrote to memory of 1276	2744	Unicorn-27980.exe	37
PID 2744 wrote to memory of 1276	2744	Unicorn-27980.exe	37
PID 2752 wrote to memory of 2020	2752	Unicorn-46494.exe	38
PID 2752 wrote to memory of 2020	2752	Unicorn-46494.exe	38
PID 2752 wrote to memory of 2020	2752	Unicorn-46494.exe	38
PID 2752 wrote to memory of 2020	2752	Unicorn-46494.exe	38
PID 2896 wrote to memory of 2708	2896	Unicorn-43692.exe	39
PID 2896 wrote to memory of 2708	2896	Unicorn-43692.exe	39
PID 2896 wrote to memory of 2708	2896	Unicorn-43692.exe	39
PID 2896 wrote to memory of 2708	2896	Unicorn-43692.exe	39
PID 3028 wrote to memory of 1168	3028	Unicorn-19863.exe	40
PID 3028 wrote to memory of 1168	3028	Unicorn-19863.exe	40
PID 3028 wrote to memory of 1168	3028	Unicorn-19863.exe	40
PID 3028 wrote to memory of 1168	3028	Unicorn-19863.exe	40
PID 2660 wrote to memory of 904	2660	Unicorn-339.exe	41
PID 2660 wrote to memory of 904	2660	Unicorn-339.exe	41
PID 2660 wrote to memory of 904	2660	Unicorn-339.exe	41
PID 2660 wrote to memory of 904	2660	Unicorn-339.exe	41
PID 2700 wrote to memory of 936	2700	Unicorn-13358.exe	42
PID 2700 wrote to memory of 936	2700	Unicorn-13358.exe	42
PID 2700 wrote to memory of 936	2700	Unicorn-13358.exe	42
PID 2700 wrote to memory of 936	2700	Unicorn-13358.exe	42
PID 2420 wrote to memory of 304	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	43
PID 2420 wrote to memory of 304	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	43
PID 2420 wrote to memory of 304	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	43
PID 2420 wrote to memory of 304	2420	9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe	43
PID 572 wrote to memory of 1444	572	Unicorn-56020.exe	44
PID 572 wrote to memory of 1444	572	Unicorn-56020.exe	44
PID 572 wrote to memory of 1444	572	Unicorn-56020.exe	44
PID 572 wrote to memory of 1444	572	Unicorn-56020.exe	44

C:\Users\Admin\AppData\Local\Temp\9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe
"C:\Users\Admin\AppData\Local\Temp\9bcfa49c3c456cb730e4e282fc50ae34b5cd1203af07ee2f61ace7a796a81552.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27980.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
        8⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61680.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26912.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
        8⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4467.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        7⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        7⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
        7⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45576.exe
        6⤵
        Executes dropped EXE
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4334.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42110.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        7⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17703.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        6⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10229.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
        6⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49075.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
        7⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45059.exe
        6⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        6⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52599.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        6⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62864.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        6⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
        6⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62599.exe
        5⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
        5⤵
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50016.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64430.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1305.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
        5⤵
        
        PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        8⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
        8⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
        7⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15089.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11786.exe
        7⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        7⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4467.exe
        7⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41085.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44459.exe
        6⤵
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        6⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3119.exe
        6⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        6⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        6⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        6⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        6⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34455.exe
        5⤵
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27934.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        5⤵
        
        PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32327.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4920.exe
        6⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64228.exe
        6⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        6⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24953.exe
        6⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55783.exe
        5⤵
        Executes dropped EXE
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21285.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        6⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        5⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16161.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        5⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        5⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33999.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25064.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
        5⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        5⤵
        
        PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
      4⤵
      PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
      4⤵
      PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25525.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe
      4⤵
      PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
      4⤵
      PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
      4⤵
      PID:5284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43208.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63606.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        7⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50298.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        7⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        6⤵
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
        6⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
        6⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        6⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
        6⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17479.exe
        6⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57861.exe
        7⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28905.exe
        7⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10803.exe
        7⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
        7⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21210.exe
        7⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        6⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
        6⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49995.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
        6⤵
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
        6⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
        6⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
        6⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55298.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15080.exe
        6⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22524.exe
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22441.exe
        6⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1942.exe
        5⤵
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44611.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53059.exe
        5⤵
        
        PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        6⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
        6⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        5⤵
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
        5⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61282.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        5⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24350.exe
        5⤵
        
        PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
        5⤵
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        5⤵
        
        PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
      4⤵
      PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
      4⤵
      PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
      4⤵
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
      4⤵
      PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32522.exe
      4⤵
      PID:5588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13097.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
        6⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
        6⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3197.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        6⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6568.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32835.exe
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        5⤵
        
        PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19321.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31769.exe
        5⤵
        
        PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        5⤵
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44130.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13785.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6196.exe
        5⤵
        
        PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38628.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
      4⤵
      PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26912.exe
      4⤵
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
      4⤵
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
      4⤵
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
      4⤵
      PID:5272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58635.exe
        5⤵
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        5⤵
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
        5⤵
        
        PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
      4⤵
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
      4⤵
      PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
      4⤵
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
      4⤵
      PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe
      4⤵
      PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
      4⤵
      PID:5476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
      4⤵
      PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
      4⤵
      PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22524.exe
      4⤵
      PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
      4⤵
      PID:5652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24750.exe
    3⤵
    PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe
    3⤵
    PID:840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45550.exe
    3⤵
    PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
    3⤵
    PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
    3⤵
    PID:5324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36346.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35578.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36614.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
        7⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        7⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25530.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
        6⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
        6⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        6⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        6⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        6⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
        5⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe
        6⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe
        6⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37240.exe
        6⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        6⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65227.exe
        5⤵
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65182.exe
        5⤵
        
        PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38810.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
        6⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13893.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1163.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        6⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        5⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29964.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30600.exe
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
        5⤵
        
        PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3961.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4334.exe
        5⤵
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59210.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
        5⤵
        
        PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe
      4⤵
      PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53059.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
      4⤵
      PID:5928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23342.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        6⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34680.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
        5⤵
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
      4⤵
      PID:388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
      4⤵
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
        5⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64752.exe
        5⤵
        
        PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19181.exe
      4⤵
      PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
      4⤵
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
      4⤵
      PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19015.exe
      4⤵
      PID:6008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18450.exe
      4⤵
      PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
      4⤵
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
      4⤵
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
    3⤵
    PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59231.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
    3⤵
    PID:3276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
    3⤵
    PID:4756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53059.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
    3⤵
    PID:5564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19228.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13947.exe
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        6⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        6⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
        6⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
        5⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
        5⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63537.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61407.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51101.exe
        5⤵
        
        PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        5⤵
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
        5⤵
        
        PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
      4⤵
      PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
      4⤵
      PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe
      4⤵
      PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
      4⤵
      PID:5656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34638.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34638.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
        5⤵
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
        5⤵
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        5⤵
        
        PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
      4⤵
      PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41105.exe
      4⤵
      PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
      4⤵
      PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
      4⤵
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
      4⤵
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
      4⤵
      PID:4932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31048.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49328.exe
      4⤵
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
      4⤵
      PID:6060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
    3⤵
    PID:2208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13429.exe
    3⤵
    PID:3592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
    3⤵
    PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
    3⤵
    PID:4772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53059.exe
    3⤵
    PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55889.exe
    3⤵
    PID:5456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19538.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19538.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5632.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        5⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        6⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        6⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47310.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        6⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
        6⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        5⤵
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
        5⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        5⤵
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
      4⤵
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
        5⤵
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1163.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
        5⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
      4⤵
      PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
      4⤵
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
      4⤵
      PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
      4⤵
      PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
      4⤵
      PID:6108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31210.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46180.exe
      4⤵
      PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1163.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
      4⤵
      PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
    3⤵
    PID:1748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7256.exe
    3⤵
    PID:3176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
    3⤵
    PID:1644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
    3⤵
    PID:4700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
    3⤵
    PID:4144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
    3⤵
    PID:5608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
      4⤵
      PID:5352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
    3⤵
    PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
    3⤵
    PID:3120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
    3⤵
    PID:3100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32835.exe
    3⤵
    PID:4512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
    3⤵
    PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
  2⤵
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
    3⤵
    PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20923.exe
    3⤵
    PID:3600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
    3⤵
    PID:3868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8200.exe
    3⤵
    PID:4716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
    3⤵
    PID:4936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
  2⤵
  PID:1628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe
  2⤵
  PID:3324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36389.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36389.exe
  2⤵
  PID:3932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
  2⤵
  PID:4444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56358.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56358.exe
  2⤵
  PID:4660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
  2⤵
  PID:5980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19228.exe

Filesize
468KB

MD5
0c537b7ad52cc5c7be145c18c44686eb

SHA1
6b1ffb8f662b46f9b001427fe9cb0b7058b07cc4

SHA256
12a1a73e4542058a618ca8614746b29e57817c7eb2a1da75565e3b7f98aa46cd

SHA512
57d34d1388596abf1d381e4480e0fba896b2245f7e419e8876aa2cb9ce468e6eabebb55d8f0283a1b391649b255e672c2ea78b922c62c6db75539894efd95ac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe

Filesize
468KB

MD5
960780ae4e3e42031bb1869eb4887a5a

SHA1
9247a900f6b18ae778570d58727c26356b5a2e67

SHA256
8f7bb1a05369840999cf83d8326d82cdb34182aa2b471ed45a628b37f15b0e82

SHA512
9e505f292c7470b8e579a9a0d8ffeef1f6b2a4d6beb22f91bebb18da4cb690758717a6c9af9f7f10265cc55d6fad8895fc7acb4b368927618f5f6beb5cf27230

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe

Filesize
468KB

MD5
632bae1da6932e33056a99364c64d8c1

SHA1
b5443dbf11da46403a4a89b50c9c436a5419e106

SHA256
868d49c26320e7437a7f992695b5c98047688ecdb276047897dd65bdcfa490fa

SHA512
f627af02218477f95faa96f648d1e9da9b8b9ef158fda8edee08706e8bbcbe51368966be4566b4c1161cdfb82e556fdaf440db6e4e9b59d98a468f3cc9cd43e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe

Filesize
468KB

MD5
efc695345b738c8925aa819f4831c480

SHA1
10e5d7199b3d4bc8dc948ec3546c06597bc8297e

SHA256
caffcafc1c9028405e3610a112dffaecc3f05471aa562af642390e2c13cf6bd5

SHA512
76daa0090dd57eddcf9efb3c56472519c59e2cc981f2dd8c0fa096f210000f5acca051c6202120ec347dc9f91bd656041cc44669ea4b6b6e8fdea50f5e0248d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13097.exe

Filesize
468KB

MD5
ae4da2f1f102c36afbb5e469e47e7680

SHA1
efc19619151a7d843e68f4aff3349550633851ca

SHA256
988c9d20e403bf9deaf34fccba024b61707ae50276858320327dfca9e563b519

SHA512
fdea6f1655831351f5a5dff98c67e725575a39d31c5e08e71a1db003561cee21daa6602878f5234c1e4abcdf4653d276a169753ee1811dce6a74d0c6270ba51a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe

Filesize
468KB

MD5
6ab0db9b463bfddaa2873916ac449168

SHA1
48b317f64b88d3703789eaff1de4aa39e1be6089

SHA256
6b6fc42b330ea38366f9dc96449ff3d29a62e5909f171e8f8ff2b0f9693781d2

SHA512
acdcd54d8e006ba916af57e0acaa14afbccd747f50cc30d836750067091ce8507d482ee0ced965bc8e9de01a50627b25f37d5aa7c33e00aa548cef7f0a0f832c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe

Filesize
468KB

MD5
86914c5d863f3cc2743189c914b5a6a5

SHA1
3bb926544c57ffd56974d9df98596a676d50bf2e

SHA256
daf5f1ea774571ffb50af2c283c67e66db1eaa7ce3e4699b810f38fd83c93a9d

SHA512
4f09194ecafee77bb9e01e9152acc5694e47d3538fbb06ae4c2cd120a11179d13e7245e90ea0f7b49c265929179db9373895905a64c86ac3ce476aced5606e93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19538.exe

Filesize
468KB

MD5
207865d90b68eeea5d8b49afa1bcd5d6

SHA1
98e9528e8baf7ff13f57482b7e3eb6e537e54dc0

SHA256
99eade3923d065ac3078ad8f65ac6155c00967266b6124f49a09ba65fbb090f4

SHA512
d5a16077e89e3c78a22230bd15c4a262e4cf2cc7b7e0138ff60df223c6c699dd1e8d44e0954f3760abf6eb19038598705e72a2ee03a65b0612b18a7c5d585afd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe

Filesize
468KB

MD5
66ec8f1f8cdad9cff7f85bb30bc68b1f

SHA1
2ba8b4b1d87bac947d1ba5b02c15bc33a27cba69

SHA256
1f16d00f851459454d19fa96aa38a0d1407c1aa2bf7a4dc0f7efd25d7d99d07f

SHA512
d9d098523f8c02e775cfeeb0690a32d59b6dcfbf8229e134ddbe7a059e678eefcc57d6c132aafd3b0b023e36a60ddeb2392bc36e136a718da8f412538a9a6e25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23342.exe

Filesize
468KB

MD5
a23bd4e230a0ac717a5bcaa95bb12f26

SHA1
610cf4661fc762a310b7502b999ba1e34b9475f1

SHA256
9ec45a9f0e28ca2e51c2a1dc7bf27745be89a2da113510b2d2d47cead4f3135e

SHA512
3b99499829b2e259bfcee07c630102df3e0bbdae83adad7271ac25bfaa95ec16c9a3ab94c63edfa0bcbed8055ced0a1917e537a39ec520e39d474360dd370a92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe

Filesize
468KB

MD5
9aae2b8a4d2686cd16b3259a1a8801a0

SHA1
b37e849b57a3edb3b941d5a737ae4495184d8474

SHA256
36d9376cabdfe9a726cc497ab98e14576d5f9d8df5d7bd263e6ebbbec82b5c92

SHA512
8dbba5e3bec535d310e2bb5577805ca00f3654380a0b72e891e8dad3e82c1407bf01bb0a9e61af6c38bc00af92cda7c6643516b3e629ce3a3d89ba53fb6a7c79

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27980.exe

Filesize
468KB

MD5
e140ae76c03b2758d0fe7dc7bc11c95a

SHA1
6dcc7db3aed9773933a48228c7d29ec48f403881

SHA256
d3b2c5909056085aaa202cee83ab1f53992da4382b9f9a9213d554771b6b69d3

SHA512
74e37ea7ed7a41fb7a983347763010cd47bf0890e501bbc7bf288f8eb968e0afbe4d71584f8fbf7bbaf844276efda585e74f835f7353c40fb15b82e8fb7a0dfb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32327.exe

Filesize
468KB

MD5
008becf494598ca765fae6a91a930ecc

SHA1
2b54c6ccd8ef6708cdcfc92b2ade8cd9059305ce

SHA256
5e1389e6ab0f31c196b939ffe84538bcbd09d5195bc7afb08e4257cb2507d650

SHA512
e708bcd2404cf8348a94293994ab2d37e12bde7a2ca7627eca41ca00c36501bc1e977790ae95abe022514d1b0e715e7d29de1e557fc17521ec45e0ae2fefc722

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-339.exe

Filesize
468KB

MD5
dd8e483f7b36f9f073e629b23073616e

SHA1
aa8d934f86e768d0fe37bdd087ba87827dccd1fb

SHA256
4364d32c13c8ab4e514afd73fe49186b08ebbd2005d9a99ea6756ec13e6812cb

SHA512
d034aabd63179c9e8ce3df46235a9a05d7fe11179954e6ff138cfad708896d99226fc3af85bda3f937a578705fcc9b71ddad62519ca9f3732663739a0b65ae49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe

Filesize
468KB

MD5
4cbc2b885f37ab731466d501305306d1

SHA1
c3b15044fe3ea135a2474b80563c4c0463312d86

SHA256
72d8f8a9c6528f78fd1ceb5737b71d7e2a831e199a981aff088ea119a536a377

SHA512
20c9390e5b8018f7e3508fb1f8d4a451e7758d493395c305833ca90751196eb76e7ae4fc7cb8f41881966d14e7e97ac83b39c01d08931ddff0fb552a53cf6367

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43208.exe

Filesize
468KB

MD5
f76b61822b65ad2d6818bce09375b9d4

SHA1
9ebdef28c2f99a3bcf008e962d92992e8fd0ba35

SHA256
f934d6d73a8e987db23e6cad658e2968563a4bdb042494b8489bba1315819378

SHA512
db125cc0408c14d6f3646cda8195f18c125c6fbe7a28eb84568be6352cd1f95e43b9ef65310c2ee97b8ff978c7c37e92f231be42647fb07cdcce52e97a7babd4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe

Filesize
468KB

MD5
0f19b0707a6f365967cfa5f59be76877

SHA1
335cb7bf0e946a14fffc98485761199351b9013d

SHA256
01e0713779077e521dcc96655687d2d49b669f83b39563005a702d690b624fa4

SHA512
2dc4733bac3352de1a9fc376653294a1c84b7ef926b05e4d6b87e85724ebd0661b2fd84b9f3bb245a68901b8962c55cd37fc0cfadfdee0b006f580d0fe8d1905

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe

Filesize
468KB

MD5
bbae86567325eacaa6a1b76fcfb57faa

SHA1
441570401c2255d9323b4cd2b7a13348635db07b

SHA256
e00e30339f65ea56ee0771144a13ca7975eb348efc58b8cc7c2b49d31fd5ba5f

SHA512
a61bb08034bac3a721fd572259a1735edfd67e23c5ee6b348b521364ed654ec8f38ece5e2b72e83493f574f678286a35d970dc4455c8de3323e128d93e787551

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe

Filesize
468KB

MD5
1ca4a4ff1357b0a45754b7f3bc21eac8

SHA1
9606312b12f6d55861c555fd5b347d4742de044f

SHA256
913d7179443b836afca1dc4c53affa2b8abe6a4a49d442e217d1ea1fc3ed7344

SHA512
0d5d6ea0ef36445bd9f055b05f7c2f7ada774b4effd07313675ea7ab692162a87cfd40d96742af55ee050b0c2c1632280df871ca366af3bb780e62cea6ba60f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49075.exe

Filesize
468KB

MD5
c65f7b7095c426beb1f007a29840a7f9

SHA1
ebdf87de7b39a17a786fc480916afe9ca52cf9b0

SHA256
b47fc11ce21ac2c808373fe4303cba895a93371c257259ed38f35779e1a0958a

SHA512
2120267defa44701a07f66f35b26aa330f5abf0f1ee504d09816ff6e285842fb3c45e5c5c4a2566349da61b4737427f3b9050c2a7cb2b698f8a79d2268a59ae8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe

Filesize
468KB

MD5
5c667f7f0ef9b8fd3c46089256e8dd6a

SHA1
dc3b1bacd80278539e215e7ddb1cd65150cd48c6

SHA256
cfa37e8f73861caba07af0361a3fb2caf750405d78885cee15fe8f2f2d5d1c90

SHA512
1354e457a009bf3123d554269596f4602e4a92a20071b0b0b59add79db49b575335741b396e014d84a6b50cf4e02956f998ad5f110e6831a620d9262b8002af0

Download Submit