2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac

Analysis

max time kernel
150s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
Size

468KB
MD5

1b8a5d5d466554935d8bb2bc5eb06e46
SHA1

7e9bce66a031d836f07461e6fef236317f6a4842
SHA256

2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac
SHA512

a1fe1ebca7c76f0ad41038735c1d25db9b8832334e5048966b7726fac3288b11c5c9d75fc4349b378967abe9b4a35a2e10a2892e7ee9331bcdd3d5a1fd53f86c
SSDEEP

3072:VPGjovOWI35vtbYvJg+5OfDVrrCdIqIpXlmHeVSICvlxvsIU9S5VB:VP+oIJvtYJT5Ofy0XkvlRdU9S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2480	Unicorn-26728.exe
2840	Unicorn-9960.exe
2932	Unicorn-25742.exe
2820	Unicorn-29909.exe
2796	Unicorn-43483.exe
2640	Unicorn-36707.exe
2708	Unicorn-30576.exe
1732	Unicorn-4117.exe
2384	Unicorn-59903.exe
2544	Unicorn-34652.exe
1140	Unicorn-26383.exe
2616	Unicorn-32514.exe
2896	Unicorn-8320.exe
3004	Unicorn-8585.exe
2132	Unicorn-54257.exe
2240	Unicorn-7215.exe
2216	Unicorn-33343.exe
2076	Unicorn-12176.exe
1828	Unicorn-51547.exe
1452	Unicorn-27505.exe
2016	Unicorn-884.exe
756	Unicorn-15829.exe
1952	Unicorn-39779.exe
2432	Unicorn-9052.exe
2596	Unicorn-40963.exe
1996	Unicorn-2565.exe
1696	Unicorn-62145.exe
2960	Unicorn-19167.exe
916	Unicorn-37541.exe
2184	Unicorn-31973.exe
576	Unicorn-31767.exe
2716	Unicorn-30951.exe
2236	Unicorn-32343.exe
2724	Unicorn-9784.exe
2312	Unicorn-55456.exe
2764	Unicorn-24074.exe
2916	Unicorn-17761.exe
2924	Unicorn-3105.exe
2744	Unicorn-60739.exe
2768	Unicorn-48086.exe
1228	Unicorn-43910.exe
2108	Unicorn-33604.exe
1088	Unicorn-58776.exe
2368	Unicorn-46987.exe
2348	Unicorn-21736.exe
1832	Unicorn-57101.exe
2876	Unicorn-1123.exe
2892	Unicorn-42056.exe
1060	Unicorn-3837.exe
2264	Unicorn-31464.exe
540	Unicorn-34372.exe
2124	Unicorn-12368.exe
2256	Unicorn-4221.exe
1736	Unicorn-64720.exe
2152	Unicorn-8113.exe
2340	Unicorn-8113.exe
1204	Unicorn-54361.exe
1492	Unicorn-23634.exe
2320	Unicorn-59836.exe
2484	Unicorn-10635.exe
1528	Unicorn-7739.exe
1800	Unicorn-8004.exe
780	Unicorn-53676.exe
1744	Unicorn-8559.exe

Loads dropped DLL 64 IoCs

pid	Process
1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
2480	Unicorn-26728.exe
1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
2480	Unicorn-26728.exe
2932	Unicorn-25742.exe
2932	Unicorn-25742.exe
2480	Unicorn-26728.exe
2480	Unicorn-26728.exe
2840	Unicorn-9960.exe
2840	Unicorn-9960.exe
1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
2820	Unicorn-29909.exe
2820	Unicorn-29909.exe
2932	Unicorn-25742.exe
2932	Unicorn-25742.exe
2796	Unicorn-43483.exe
2796	Unicorn-43483.exe
2480	Unicorn-26728.exe
2480	Unicorn-26728.exe
2640	Unicorn-36707.exe
2640	Unicorn-36707.exe
1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
2708	Unicorn-30576.exe
1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
2840	Unicorn-9960.exe
2708	Unicorn-30576.exe
2840	Unicorn-9960.exe
1732	Unicorn-4117.exe
1732	Unicorn-4117.exe
2820	Unicorn-29909.exe
2820	Unicorn-29909.exe
2384	Unicorn-59903.exe
2384	Unicorn-59903.exe
2932	Unicorn-25742.exe
2932	Unicorn-25742.exe
2708	Unicorn-30576.exe
2708	Unicorn-30576.exe
2616	Unicorn-32514.exe
2616	Unicorn-32514.exe
2640	Unicorn-36707.exe
2640	Unicorn-36707.exe
2896	Unicorn-8320.exe
2896	Unicorn-8320.exe
1140	Unicorn-26383.exe
1140	Unicorn-26383.exe
1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
2480	Unicorn-26728.exe
1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
2480	Unicorn-26728.exe
2132	Unicorn-54257.exe
2132	Unicorn-54257.exe
2544	Unicorn-34652.exe
2544	Unicorn-34652.exe
2840	Unicorn-9960.exe
2840	Unicorn-9960.exe
2796	Unicorn-43483.exe
2796	Unicorn-43483.exe
2240	Unicorn-7215.exe
2240	Unicorn-7215.exe
1732	Unicorn-4117.exe
1732	Unicorn-4117.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31583.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
2480	Unicorn-26728.exe
2932	Unicorn-25742.exe
2840	Unicorn-9960.exe
2820	Unicorn-29909.exe
2796	Unicorn-43483.exe
2640	Unicorn-36707.exe
2708	Unicorn-30576.exe
1732	Unicorn-4117.exe
2384	Unicorn-59903.exe
2544	Unicorn-34652.exe
1140	Unicorn-26383.exe
3004	Unicorn-8585.exe
2896	Unicorn-8320.exe
2616	Unicorn-32514.exe
2132	Unicorn-54257.exe
2240	Unicorn-7215.exe
2216	Unicorn-33343.exe
2076	Unicorn-12176.exe
1828	Unicorn-51547.exe
1452	Unicorn-27505.exe
2016	Unicorn-884.exe
756	Unicorn-15829.exe
2432	Unicorn-9052.exe
1952	Unicorn-39779.exe
1996	Unicorn-2565.exe
2596	Unicorn-40963.exe
916	Unicorn-37541.exe
2960	Unicorn-19167.exe
1696	Unicorn-62145.exe
2184	Unicorn-31973.exe
576	Unicorn-31767.exe
2716	Unicorn-30951.exe
2236	Unicorn-32343.exe
2724	Unicorn-9784.exe
2312	Unicorn-55456.exe
2764	Unicorn-24074.exe
2916	Unicorn-17761.exe
2924	Unicorn-3105.exe
2744	Unicorn-60739.exe
2768	Unicorn-48086.exe
1228	Unicorn-43910.exe
2108	Unicorn-33604.exe
1088	Unicorn-58776.exe
2368	Unicorn-46987.exe
1832	Unicorn-57101.exe
2876	Unicorn-1123.exe
2348	Unicorn-21736.exe
2892	Unicorn-42056.exe
1060	Unicorn-3837.exe
2264	Unicorn-31464.exe
540	Unicorn-34372.exe
2124	Unicorn-12368.exe
2256	Unicorn-4221.exe
2340	Unicorn-8113.exe
1736	Unicorn-64720.exe
2152	Unicorn-8113.exe
1204	Unicorn-54361.exe
1492	Unicorn-23634.exe
1800	Unicorn-8004.exe
2320	Unicorn-59836.exe
2484	Unicorn-10635.exe
1528	Unicorn-7739.exe
780	Unicorn-53676.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 2480	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	29
PID 1120 wrote to memory of 2480	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	29
PID 1120 wrote to memory of 2480	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	29
PID 1120 wrote to memory of 2480	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	29
PID 1120 wrote to memory of 2840	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	30
PID 1120 wrote to memory of 2840	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	30
PID 1120 wrote to memory of 2840	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	30
PID 1120 wrote to memory of 2840	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	30
PID 2480 wrote to memory of 2932	2480	Unicorn-26728.exe	31
PID 2480 wrote to memory of 2932	2480	Unicorn-26728.exe	31
PID 2480 wrote to memory of 2932	2480	Unicorn-26728.exe	31
PID 2480 wrote to memory of 2932	2480	Unicorn-26728.exe	31
PID 2932 wrote to memory of 2820	2932	Unicorn-25742.exe	32
PID 2932 wrote to memory of 2820	2932	Unicorn-25742.exe	32
PID 2932 wrote to memory of 2820	2932	Unicorn-25742.exe	32
PID 2932 wrote to memory of 2820	2932	Unicorn-25742.exe	32
PID 2480 wrote to memory of 2796	2480	Unicorn-26728.exe	33
PID 2480 wrote to memory of 2796	2480	Unicorn-26728.exe	33
PID 2480 wrote to memory of 2796	2480	Unicorn-26728.exe	33
PID 2480 wrote to memory of 2796	2480	Unicorn-26728.exe	33
PID 2840 wrote to memory of 2640	2840	Unicorn-9960.exe	34
PID 2840 wrote to memory of 2640	2840	Unicorn-9960.exe	34
PID 2840 wrote to memory of 2640	2840	Unicorn-9960.exe	34
PID 2840 wrote to memory of 2640	2840	Unicorn-9960.exe	34
PID 1120 wrote to memory of 2708	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	35
PID 1120 wrote to memory of 2708	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	35
PID 1120 wrote to memory of 2708	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	35
PID 1120 wrote to memory of 2708	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	35
PID 2820 wrote to memory of 1732	2820	Unicorn-29909.exe	36
PID 2820 wrote to memory of 1732	2820	Unicorn-29909.exe	36
PID 2820 wrote to memory of 1732	2820	Unicorn-29909.exe	36
PID 2820 wrote to memory of 1732	2820	Unicorn-29909.exe	36
PID 2932 wrote to memory of 2384	2932	Unicorn-25742.exe	37
PID 2932 wrote to memory of 2384	2932	Unicorn-25742.exe	37
PID 2932 wrote to memory of 2384	2932	Unicorn-25742.exe	37
PID 2932 wrote to memory of 2384	2932	Unicorn-25742.exe	37
PID 2796 wrote to memory of 2544	2796	Unicorn-43483.exe	38
PID 2796 wrote to memory of 2544	2796	Unicorn-43483.exe	38
PID 2796 wrote to memory of 2544	2796	Unicorn-43483.exe	38
PID 2796 wrote to memory of 2544	2796	Unicorn-43483.exe	38
PID 2480 wrote to memory of 1140	2480	Unicorn-26728.exe	39
PID 2480 wrote to memory of 1140	2480	Unicorn-26728.exe	39
PID 2480 wrote to memory of 1140	2480	Unicorn-26728.exe	39
PID 2480 wrote to memory of 1140	2480	Unicorn-26728.exe	39
PID 2640 wrote to memory of 2616	2640	Unicorn-36707.exe	40
PID 2640 wrote to memory of 2616	2640	Unicorn-36707.exe	40
PID 2640 wrote to memory of 2616	2640	Unicorn-36707.exe	40
PID 2640 wrote to memory of 2616	2640	Unicorn-36707.exe	40
PID 1120 wrote to memory of 2896	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	41
PID 1120 wrote to memory of 2896	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	41
PID 1120 wrote to memory of 2896	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	41
PID 1120 wrote to memory of 2896	1120	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	41
PID 2708 wrote to memory of 3004	2708	Unicorn-30576.exe	42
PID 2708 wrote to memory of 3004	2708	Unicorn-30576.exe	42
PID 2708 wrote to memory of 3004	2708	Unicorn-30576.exe	42
PID 2708 wrote to memory of 3004	2708	Unicorn-30576.exe	42
PID 2840 wrote to memory of 2132	2840	Unicorn-9960.exe	43
PID 2840 wrote to memory of 2132	2840	Unicorn-9960.exe	43
PID 2840 wrote to memory of 2132	2840	Unicorn-9960.exe	43
PID 2840 wrote to memory of 2132	2840	Unicorn-9960.exe	43
PID 1732 wrote to memory of 2240	1732	Unicorn-4117.exe	44
PID 1732 wrote to memory of 2240	1732	Unicorn-4117.exe	44
PID 1732 wrote to memory of 2240	1732	Unicorn-4117.exe	44
PID 1732 wrote to memory of 2240	1732	Unicorn-4117.exe	44

C:\Users\Admin\AppData\Local\Temp\2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
"C:\Users\Admin\AppData\Local\Temp\2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4117.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14370.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        8⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52254.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50936.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45324.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
        7⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7755.exe
        7⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
        7⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52532.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
        7⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61310.exe
        7⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48034.exe
        6⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        6⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30583.exe
        6⤵
        
        PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8004.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34544.exe
        8⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
        8⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        7⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11280.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        7⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        7⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        7⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        6⤵
        Executes dropped EXE
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52221.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        7⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        7⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        7⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
        6⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8717.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
        6⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55087.exe
        6⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59836.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39175.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55079.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        7⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
        7⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
        6⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27229.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe
        6⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
        6⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55079.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40410.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
        6⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        5⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22671.exe
        5⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4252.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1026.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59903.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32343.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15269.exe
        7⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52532.exe
        7⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
        7⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53349.exe
        6⤵
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        6⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43618.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23185.exe
        6⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        6⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        6⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
        6⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
        7⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        6⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        6⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15330.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        6⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
        6⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        5⤵
        
        PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        5⤵
        
        PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        7⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        7⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        7⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        6⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        6⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42181.exe
        6⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53676.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
        6⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52532.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
        6⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7755.exe
        6⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
        6⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        5⤵
        
        PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        5⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28310.exe
        5⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46919.exe
        5⤵
        
        PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe
        5⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
        5⤵
        
        PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
      4⤵
      PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
      4⤵
      PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
      4⤵
      PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34652.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        7⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        7⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        7⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
        6⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        6⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        6⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
        6⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46057.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        6⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        5⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64362.exe
        5⤵
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43416.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        5⤵
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        6⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        6⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16045.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55087.exe
        6⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60386.exe
        5⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        5⤵
        
        PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        5⤵
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
        5⤵
        
        PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42056.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14714.exe
        5⤵
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
        5⤵
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31583.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        5⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
        5⤵
        
        PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41175.exe
      4⤵
      PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39207.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55121.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23447.exe
      4⤵
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38533.exe
      4⤵
      PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
      4⤵
      PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9052.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        6⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
        6⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        5⤵
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33646.exe
        5⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        5⤵
        
        PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        5⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53358.exe
        5⤵
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
      4⤵
      PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
      4⤵
      PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
      4⤵
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11278.exe
      4⤵
      PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
      4⤵
      PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
      4⤵
      PID:5372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11268.exe
      4⤵
      PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26094.exe
      4⤵
      PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47287.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
      4⤵
      PID:4796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64720.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45797.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45984.exe
      4⤵
      PID:4468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5668.exe
    3⤵
    PID:2164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
    3⤵
    PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
    3⤵
    PID:3208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62119.exe
    3⤵
    PID:3124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
    3⤵
    PID:4412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64997.exe
    3⤵
    PID:4636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
    3⤵
    PID:6140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36707.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
        7⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11603.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
        7⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        7⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        6⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
        6⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42242.exe
        6⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49421.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        7⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19610.exe
        7⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64417.exe
        7⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43059.exe
        7⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22622.exe
        6⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        6⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47625.exe
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30583.exe
        6⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        5⤵
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        5⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1204.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8380.exe
        6⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
        5⤵
        
        PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41470.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        5⤵
        
        PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15829.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33604.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        6⤵
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        6⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        6⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        6⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6333.exe
        5⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        5⤵
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        5⤵
        
        PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        5⤵
        
        PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        5⤵
        
        PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29043.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
        5⤵
        
        PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8974.exe
      4⤵
      PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28317.exe
      4⤵
      PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
      4⤵
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
      4⤵
      PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11711.exe
      4⤵
      PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
      4⤵
      PID:5756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        6⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1744.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        7⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        6⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31827.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        6⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
        5⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        5⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        5⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        5⤵
        
        PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        5⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
        5⤵
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46057.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
        5⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
        5⤵
        
        PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
      4⤵
      PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
      4⤵
      PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
      4⤵
      PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
      4⤵
      PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
      4⤵
      PID:5368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37541.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe
      4⤵
      PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
      4⤵
      PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
      4⤵
      PID:5212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
    3⤵
    PID:2720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
    3⤵
    PID:824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33252.exe
    3⤵
    PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59825.exe
    3⤵
    PID:2508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe
    3⤵
    PID:3768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
    3⤵
    PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
    3⤵
    PID:5200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30576.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30576.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27505.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
        5⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        5⤵
        
        PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
      4⤵
      PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
      4⤵
      PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
      4⤵
      PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
      4⤵
      PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
      4⤵
      PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
      4⤵
      PID:6116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
      4⤵
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10565.exe
      4⤵
      PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
      4⤵
      PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
      4⤵
      PID:5428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
    3⤵
    PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64362.exe
    3⤵
    PID:552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
    3⤵
    PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43416.exe
    3⤵
    PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
    3⤵
    PID:4772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20393.exe
    3⤵
    PID:5552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
      4⤵
      PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38307.exe
      4⤵
      PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63492.exe
      4⤵
      PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59750.exe
      4⤵
      PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
      4⤵
      PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
      4⤵
      PID:5652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49876.exe
      4⤵
      PID:5512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
    3⤵
    PID:2404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
    3⤵
    PID:3456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
    3⤵
    PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
    3⤵
    PID:2064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
    3⤵
    PID:4700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40963.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40963.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
      4⤵
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
      4⤵
      PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
      4⤵
      PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
      4⤵
      PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
      4⤵
      PID:5864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20723.exe
    3⤵
    PID:1608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
    3⤵
    PID:3928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
    3⤵
    PID:3712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47881.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
    3⤵
    PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19486.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35931.exe
      4⤵
      PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
      4⤵
      PID:5568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
    3⤵
    PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
    3⤵
    PID:3244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
    3⤵
    PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
    3⤵
    PID:5736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
  2⤵
  PID:2244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
  2⤵
  PID:968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
  2⤵
  PID:456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7803.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7803.exe
  2⤵
  PID:3420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
  2⤵
  PID:3212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe
  2⤵
  PID:4556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46712.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46712.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
  2⤵
  PID:5808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe

Filesize
468KB

MD5
bf287d98ee7cfd14748fc2596bac1550

SHA1
f18df8ee6e96ea3b4119a3f360b29f7a1eb541b3

SHA256
eafe22912d46723e0b5fe9d42fa0271a6d7138ecd969a384b1a05804e7d0bc11

SHA512
3e8d7d031f9aa4c51adec9a8672d1ca99ec2f0c6c274a12b71dab3a33549128faadc65320f06924671c5b6261edc1d638c9ea597d05b8c8d02c92bda21f93bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe

Filesize
468KB

MD5
01011bcf1a96374aef05238bd1e2dc2c

SHA1
aa3b643ffbcb8c00da1881547355f583cd8611fe

SHA256
0ff9288d4712f11ab947ec8b75ee2e2a72a8beef6991cb18b6d06bd7072a8ed4

SHA512
ea435cdd1931888911d546e42c811750fe37619dbf2ffe267ea8ffa7ad63b1f0f3c0bdde3ca6dc388339c7095eec6828e80a2c1576645c66814b7ee6965f0f93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe

Filesize
468KB

MD5
96e9ff519b34ffb6d06ac2f70f86ec18

SHA1
a4669ca16e416ad4f64c40b0196997c0c8c64ec1

SHA256
03cd46b580fb6f27c2703858f49f604833e83e836f1834703edfb2ac7e79c652

SHA512
d417d26b0ed3eb35d3693d1926322873456f3456f913576a3530fa0bcfff15cc353edb25e5a991ef35f316379ce49ff80a4d3473cd7990cc983845c629c6f468

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe

Filesize
468KB

MD5
9dd22f438ff0b75db9a059bcac004487

SHA1
dbc68e90ca9fc15d0e02edcd3b36769e31fb3db4

SHA256
7cd11ad3cb44a7b2a553af4ed7f039a9360969e7e003967116a2138bd2d0d9b5

SHA512
5bbea9909c29b0d524484812bb5dfcad9b3a6ced54e8ae77915ba306d7904c3f995f79c04aacefd36994d7d8e75f242f8fcde95363e609fd49044c839ebd70d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34652.exe

Filesize
468KB

MD5
9324f653a281071a7e2ec0653c4f34bb

SHA1
9bac20a8e97933687c8b3d65d0ad23a103e35143

SHA256
879890e645841208b93866534a37b00b446ab1a1b4c7f36b537e15e9b93fe0fd

SHA512
0665f87501f9a507ac735a2f7eeb1d694ff30ac5e7d5f768b73b1f6797508bc50dce5cda90393bbcf74c13e222e3b7c21581677586f370797f1f6b50a192d84f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36707.exe

Filesize
468KB

MD5
536af01ce37ca30eab91828bf27b71c6

SHA1
592a6d02b2d1a9c3f6b79c443ce7d37546b5728f

SHA256
3e5cc22825c5e596fa4ba9782fd76ea0a9839bf659ede77a72574a52c38b390d

SHA512
c77c60d50cbac81cdad9ade0852c65c91c5f48142d7e8cadb724d657826adfc15debc0d3c47896b0ef22dd8754f7e20634da3bb6835c1c97344e9b4f207a8853

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe

Filesize
468KB

MD5
bf11ea1ff29a31ef5b326cde513aa549

SHA1
c90d1cc38e8816fee4b44381fdc85e523621c40c

SHA256
43c92361d0e4326167239045333625925816d26ae94754d8d758dd6cec8bbe64

SHA512
7c5dcd9f9a9284ec9fc1f2b7f43213d2d977f6c129053de7606847585b3ea7da51a5682212975b652ae6e3cba2dfae32ecf1d46926b73cb0e25dc75700017cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe

Filesize
468KB

MD5
ca3e4b3329fe42bae7da03c292285828

SHA1
f18d40bdf3d3ec4d6fe0443567bb834019954137

SHA256
84684772fe5c7f601c022e59319b37bb0247afc341a94640f8563135d245e850

SHA512
e1868c0fd5ea8daec376216391cbb8ca71e594d1238f537d993cf7722d25be02f6e388b15e19d4d2d5231cc38cad22a99595599e2334f0bed62591e2e8745f3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe

Filesize
468KB

MD5
8d91571427e7bd1b5c7b1b045d9a012e

SHA1
323e6304af1433ccaaba7c7ea417e3428ae97e82

SHA256
775b091b6f669d3f601ea7d6b8a5d0103952c452753143bf9307fca44099dccc

SHA512
53298b20d3241c3a0f978232d772804ccdd6a96a5a3a7d5d5303364c0f95737f8add5b2e245877f146c82d0ac0be9b98aa26154c73835f2faf0220e62f532df3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe

Filesize
468KB

MD5
a65030ef99c61920fedd1846ab839821

SHA1
b8d9126f8c4a2c49f3a1ff78051c1b2929a729dc

SHA256
7abfbbd4bf9a1840adab1a39febaca855f2ee013b9308a7abdc1c6194ff411b6

SHA512
3de2a5d8856f119c4d461135f02bee1441e53218920b90d679e4cd462fd9dbb7efb8c4cd5052978fd5efb22f9bceceea3170baccc78ce4776dcb1fc9c5e3396b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe

Filesize
468KB

MD5
21902c6659ef498a4a42a9bb89f08456

SHA1
c9b10662f4a22a87c8198e4f53cf1b151091f713

SHA256
274665174073a5e4f5cc3892cef12808688cee700d6849c2b98d92595d117acf

SHA512
5fc4b871c8091887fd1974fd243e69c80373ab1a052442849f06eb408e48abc621f180f7f85d1d6acd8abe11e10fa4eaebd25cf3f309d1256b484088c9ef6a80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe

Filesize
468KB

MD5
2e950a85eb7403f40ec9729c9fb2ef7b

SHA1
63a8a12b39c8564dbf06f4629fd2367d3894cf99

SHA256
581012bf0d772657730ec04d897936d5105e00967a3a3ff9a61172b6b0fc2fff

SHA512
fe8d5c2a90bf95e91d1f86d1690d85d4ec54dfe43cc092cb995640e6dabd87fc4fd8a6ac53b0b072f0eb2d2de57a9ae563a8f6ab1d7a2f8f2e0fc9be5ef7e9e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30576.exe

Filesize
468KB

MD5
4e1b5375be644ba70e3f180a188492f6

SHA1
c80d8512193457cba2303757254be7e8ac52cf9d

SHA256
3dfcce2d7f2626c41bdcf6f60cd163c59925ec2ec62aa6fe17ef833532ca5cba

SHA512
deb31168d8810dd3768f2e84baa819ad539b3b59cc91fa07327873a54e78191e111dc4639ed589ad711e31ee78256ee11ddc62c73dce922015b1d782e74f5f09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe

Filesize
468KB

MD5
6c3b9359eaf3fde1d233026faf84c54c

SHA1
cdb357e3593a172e7195d55934f1e89c4923e5e7

SHA256
32dc8286d72dcf88b3d0cc00725dc2f65f41e174c5eefe7469434be7b9097beb

SHA512
02ab393bfb93991b7a5d34f338ed83e6178485e15d5fde95c626faa96726b129626b04bf1ba3550e400e512783352cda96fcb158c4989a9c7dd125ee36b214b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4117.exe

Filesize
468KB

MD5
4c410499117ecbf71239c237bf75ad4e

SHA1
51cdff19e682681ae7dc72a52a2c7dc066ca31de

SHA256
78624fa6d4d39704ac5f990cf696d777373112b7ef6223d6a51f0f1ace961fee

SHA512
bdf5ad9fc3eaec37d5d33fcd3e19446533a6ee3b3fc6ed4f09a675dcd0ad68e85d9ba8b5660cef94f5b7e3c7de604fc1d8398c6a50c19299ded41cb9d5f2ef8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe

Filesize
468KB

MD5
219c3312b8a48a223560d76a927578c7

SHA1
ba778dd977af95550a2fe816a5221db0f73dfcb9

SHA256
8cbc7736c5d14345e04f08f3861315174e68c635eb2df0d71512caf2ddb2af42

SHA512
c008593e5f420a72d1375acd882b72902c229246c86d16ec47e4969946e1ae145df7744e0cc3529ccb2df84d2e6bbfbbd944c0c75e63105bde5f31714b4d3270

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe

Filesize
468KB

MD5
cb61421476c60354085d67d3c2eebcc1

SHA1
22d0df7c58ed5c24c2d2aac7855fd0d43e25f095

SHA256
9330f499fbd6f32d122f25434794287df62bd44aeb02b2be1481af77c28cb8a2

SHA512
c6087cb60f8f705cf20da79ce4483bdc58a80931acd5048a464e147bdb5cd66019c01131d1ca421ed6034bea0753606097305b3223d2a6598d3029226b06d12c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59903.exe

Filesize
468KB

MD5
3d69ab29bf78ffc430ed5575a0768430

SHA1
03a24b765da344c5d449963e8892369e813d1249

SHA256
224342b1a19bb40d120fec9367ccf90d89c9c6a00c6115697302c8f54a96db84

SHA512
ac96ba2d9de41c35779a061e8fbc826c525bf859659dcdd553467dbd05df938d6be8dcb5415516d939da4989bccfe159a701359bcb2c5be8e385caf83aaa2e23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe

Filesize
468KB

MD5
5678bcdc7d4833789d95322e4327c473

SHA1
552da04bcd4d7726290699b7d0f23e8bf3785b4f

SHA256
522637a9f111ce133263f6205ceb3a3e7ff422eadb34e33d9965e13a4c53eecd

SHA512
1ca9791af4337ba44d1e653d0278c2bb669d683c982277fda60aee66fc484941c5b72f457615db51491bf315df9dd0796d040077b465e3dd1369db6404b9b323

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe

Filesize
468KB

MD5
02dad137cdf1405053a2be0c2afff380

SHA1
3bfaee36af0796d569bebb8fdff4fd516d75ad7c

SHA256
277eb2f01d4988d54883e60f30b5ac04ed6316ecf7845eba6a8982ff9326afd6

SHA512
7d311685b1c0928f04ef4e75841f50c5f0e62fa7fc98a24b592890a8d34c9bbecf0fb89b5d9a81cfd010bc1750c8077b8e25009038f8d393dd09ce81d4817d00

Download Submit