ea9ddfaf84b6b885ec3253067259e6669aec5a3b77dbbb9bd05306685dff9b64

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bad4185da6947d79d79bbb57c99d370N.exe
Size

468KB
MD5

5bad4185da6947d79d79bbb57c99d370
SHA1

5938a61af4407c6bd429e3f00b75580b5f3112b9
SHA256

ea9ddfaf84b6b885ec3253067259e6669aec5a3b77dbbb9bd05306685dff9b64
SHA512

664a70f1206e35c4e55631bf5c68241fe5002236869a3e46b0fa103ae977717661b1c03d59dd47461c778a8600f79b96d30e3869116ded4250acb7c59bf21629
SSDEEP

3072:/bCBovIwU35/tbYIPgt58fF/E5RwOIXXgmHo3rBab0sirfR+TOl3:/bIoIJ/tzPM58f62kYb0vjR+T

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2588	Unicorn-1258.exe
2052	Unicorn-9509.exe
2880	Unicorn-44875.exe
2980	Unicorn-49123.exe
2972	Unicorn-59329.exe
2080	Unicorn-64068.exe
2940	Unicorn-57291.exe
2172	Unicorn-59896.exe
1928	Unicorn-37073.exe
1676	Unicorn-14779.exe
2492	Unicorn-14779.exe
2184	Unicorn-8649.exe
1628	Unicorn-14779.exe
1576	Unicorn-56751.exe
2364	Unicorn-56751.exe
2860	Unicorn-5625.exe
1652	Unicorn-21831.exe
2200	Unicorn-15054.exe
2268	Unicorn-19806.exe
2320	Unicorn-25937.exe
2344	Unicorn-18323.exe
1040	Unicorn-34105.exe
524	Unicorn-13227.exe
788	Unicorn-13492.exe
2528	Unicorn-32521.exe
1756	Unicorn-52387.exe
2540	Unicorn-33913.exe
1220	Unicorn-24982.exe
1724	Unicorn-54333.exe
2028	Unicorn-51572.exe
956	Unicorn-16106.exe
768	Unicorn-7654.exe
948	Unicorn-14431.exe
880	Unicorn-55677.exe
1088	Unicorn-29589.exe
684	Unicorn-16591.exe
1020	Unicorn-34307.exe
2744	Unicorn-5791.exe
2868	Unicorn-57493.exe
2808	Unicorn-16638.exe
2884	Unicorn-13108.exe
2332	Unicorn-14499.exe
2704	Unicorn-51348.exe
2864	Unicorn-16446.exe
2680	Unicorn-16446.exe
2772	Unicorn-52387.exe
600	Unicorn-52387.exe
1008	Unicorn-585.exe
2580	Unicorn-6715.exe
2548	Unicorn-35304.exe
1208	Unicorn-16830.exe
2712	Unicorn-31119.exe
1788	Unicorn-43286.exe
2908	Unicorn-17214.exe
1572	Unicorn-17214.exe
2748	Unicorn-17214.exe
1668	Unicorn-62885.exe
2828	Unicorn-17214.exe
1436	Unicorn-47940.exe
2840	Unicorn-36242.exe
3024	Unicorn-20482.exe
2176	Unicorn-38764.exe
2340	Unicorn-61753.exe
1048	Unicorn-31796.exe

Loads dropped DLL 64 IoCs

pid	Process
3056	5bad4185da6947d79d79bbb57c99d370N.exe
3056	5bad4185da6947d79d79bbb57c99d370N.exe
2588	Unicorn-1258.exe
2588	Unicorn-1258.exe
3056	5bad4185da6947d79d79bbb57c99d370N.exe
3056	5bad4185da6947d79d79bbb57c99d370N.exe
2588	Unicorn-1258.exe
2052	Unicorn-9509.exe
3056	5bad4185da6947d79d79bbb57c99d370N.exe
2880	Unicorn-44875.exe
3056	5bad4185da6947d79d79bbb57c99d370N.exe
2880	Unicorn-44875.exe
2588	Unicorn-1258.exe
2052	Unicorn-9509.exe
2972	Unicorn-59329.exe
2972	Unicorn-59329.exe
3056	5bad4185da6947d79d79bbb57c99d370N.exe
3056	5bad4185da6947d79d79bbb57c99d370N.exe
2588	Unicorn-1258.exe
2940	Unicorn-57291.exe
2980	Unicorn-49123.exe
2940	Unicorn-57291.exe
2080	Unicorn-64068.exe
2980	Unicorn-49123.exe
2080	Unicorn-64068.exe
2588	Unicorn-1258.exe
2880	Unicorn-44875.exe
2052	Unicorn-9509.exe
2052	Unicorn-9509.exe
2880	Unicorn-44875.exe
2172	Unicorn-59896.exe
2172	Unicorn-59896.exe
2972	Unicorn-59329.exe
2972	Unicorn-59329.exe
1576	Unicorn-56751.exe
1576	Unicorn-56751.exe
2880	Unicorn-44875.exe
2492	Unicorn-14779.exe
2880	Unicorn-44875.exe
2492	Unicorn-14779.exe
2980	Unicorn-49123.exe
2980	Unicorn-49123.exe
2184	Unicorn-8649.exe
2184	Unicorn-8649.exe
2588	Unicorn-1258.exe
2588	Unicorn-1258.exe
1628	Unicorn-14779.exe
1628	Unicorn-14779.exe
2080	Unicorn-64068.exe
2080	Unicorn-64068.exe
1928	Unicorn-37073.exe
1928	Unicorn-37073.exe
3056	5bad4185da6947d79d79bbb57c99d370N.exe
1676	Unicorn-14779.exe
1676	Unicorn-14779.exe
3056	5bad4185da6947d79d79bbb57c99d370N.exe
2364	Unicorn-56751.exe
2364	Unicorn-56751.exe
2940	Unicorn-57291.exe
2940	Unicorn-57291.exe
2052	Unicorn-9509.exe
2052	Unicorn-9509.exe
2860	Unicorn-5625.exe
2860	Unicorn-5625.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59549.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63264.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3056	5bad4185da6947d79d79bbb57c99d370N.exe
2588	Unicorn-1258.exe
2052	Unicorn-9509.exe
2880	Unicorn-44875.exe
2972	Unicorn-59329.exe
2980	Unicorn-49123.exe
2940	Unicorn-57291.exe
2080	Unicorn-64068.exe
2172	Unicorn-59896.exe
1676	Unicorn-14779.exe
1628	Unicorn-14779.exe
1576	Unicorn-56751.exe
1928	Unicorn-37073.exe
2492	Unicorn-14779.exe
2184	Unicorn-8649.exe
2364	Unicorn-56751.exe
2860	Unicorn-5625.exe
1652	Unicorn-21831.exe
2200	Unicorn-15054.exe
2268	Unicorn-19806.exe
2320	Unicorn-25937.exe
2344	Unicorn-18323.exe
524	Unicorn-13227.exe
788	Unicorn-13492.exe
1040	Unicorn-34105.exe
2528	Unicorn-32521.exe
1756	Unicorn-52387.exe
2540	Unicorn-33913.exe
2028	Unicorn-51572.exe
1220	Unicorn-24982.exe
1724	Unicorn-54333.exe
956	Unicorn-16106.exe
768	Unicorn-7654.exe
948	Unicorn-14431.exe
880	Unicorn-55677.exe
684	Unicorn-16591.exe
1088	Unicorn-29589.exe
1020	Unicorn-34307.exe
2744	Unicorn-5791.exe
2868	Unicorn-57493.exe
2808	Unicorn-16638.exe
2884	Unicorn-13108.exe
2332	Unicorn-14499.exe
2680	Unicorn-16446.exe
2580	Unicorn-6715.exe
2704	Unicorn-51348.exe
2864	Unicorn-16446.exe
1008	Unicorn-585.exe
2548	Unicorn-35304.exe
2772	Unicorn-52387.exe
600	Unicorn-52387.exe
2712	Unicorn-31119.exe
1208	Unicorn-16830.exe
2908	Unicorn-17214.exe
2748	Unicorn-17214.exe
2828	Unicorn-17214.exe
1668	Unicorn-62885.exe
1436	Unicorn-47940.exe
1572	Unicorn-17214.exe
1788	Unicorn-43286.exe
3024	Unicorn-20482.exe
2840	Unicorn-36242.exe
2176	Unicorn-38764.exe
2340	Unicorn-61753.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2588	3056	5bad4185da6947d79d79bbb57c99d370N.exe	29
PID 3056 wrote to memory of 2588	3056	5bad4185da6947d79d79bbb57c99d370N.exe	29
PID 3056 wrote to memory of 2588	3056	5bad4185da6947d79d79bbb57c99d370N.exe	29
PID 3056 wrote to memory of 2588	3056	5bad4185da6947d79d79bbb57c99d370N.exe	29
PID 2588 wrote to memory of 2052	2588	Unicorn-1258.exe	30
PID 2588 wrote to memory of 2052	2588	Unicorn-1258.exe	30
PID 2588 wrote to memory of 2052	2588	Unicorn-1258.exe	30
PID 2588 wrote to memory of 2052	2588	Unicorn-1258.exe	30
PID 3056 wrote to memory of 2880	3056	5bad4185da6947d79d79bbb57c99d370N.exe	31
PID 3056 wrote to memory of 2880	3056	5bad4185da6947d79d79bbb57c99d370N.exe	31
PID 3056 wrote to memory of 2880	3056	5bad4185da6947d79d79bbb57c99d370N.exe	31
PID 3056 wrote to memory of 2880	3056	5bad4185da6947d79d79bbb57c99d370N.exe	31
PID 3056 wrote to memory of 2972	3056	5bad4185da6947d79d79bbb57c99d370N.exe	34
PID 3056 wrote to memory of 2972	3056	5bad4185da6947d79d79bbb57c99d370N.exe	34
PID 3056 wrote to memory of 2972	3056	5bad4185da6947d79d79bbb57c99d370N.exe	34
PID 3056 wrote to memory of 2972	3056	5bad4185da6947d79d79bbb57c99d370N.exe	34
PID 2880 wrote to memory of 2980	2880	Unicorn-44875.exe	35
PID 2880 wrote to memory of 2980	2880	Unicorn-44875.exe	35
PID 2880 wrote to memory of 2980	2880	Unicorn-44875.exe	35
PID 2880 wrote to memory of 2980	2880	Unicorn-44875.exe	35
PID 2588 wrote to memory of 2080	2588	Unicorn-1258.exe	32
PID 2588 wrote to memory of 2080	2588	Unicorn-1258.exe	32
PID 2588 wrote to memory of 2080	2588	Unicorn-1258.exe	32
PID 2588 wrote to memory of 2080	2588	Unicorn-1258.exe	32
PID 2052 wrote to memory of 2940	2052	Unicorn-9509.exe	33
PID 2052 wrote to memory of 2940	2052	Unicorn-9509.exe	33
PID 2052 wrote to memory of 2940	2052	Unicorn-9509.exe	33
PID 2052 wrote to memory of 2940	2052	Unicorn-9509.exe	33
PID 2972 wrote to memory of 2172	2972	Unicorn-59329.exe	36
PID 2972 wrote to memory of 2172	2972	Unicorn-59329.exe	36
PID 2972 wrote to memory of 2172	2972	Unicorn-59329.exe	36
PID 2972 wrote to memory of 2172	2972	Unicorn-59329.exe	36
PID 3056 wrote to memory of 1928	3056	5bad4185da6947d79d79bbb57c99d370N.exe	37
PID 3056 wrote to memory of 1928	3056	5bad4185da6947d79d79bbb57c99d370N.exe	37
PID 3056 wrote to memory of 1928	3056	5bad4185da6947d79d79bbb57c99d370N.exe	37
PID 3056 wrote to memory of 1928	3056	5bad4185da6947d79d79bbb57c99d370N.exe	37
PID 2940 wrote to memory of 1676	2940	Unicorn-57291.exe	39
PID 2940 wrote to memory of 1676	2940	Unicorn-57291.exe	39
PID 2940 wrote to memory of 1676	2940	Unicorn-57291.exe	39
PID 2940 wrote to memory of 1676	2940	Unicorn-57291.exe	39
PID 2980 wrote to memory of 2492	2980	Unicorn-49123.exe	40
PID 2980 wrote to memory of 2492	2980	Unicorn-49123.exe	40
PID 2980 wrote to memory of 2492	2980	Unicorn-49123.exe	40
PID 2980 wrote to memory of 2492	2980	Unicorn-49123.exe	40
PID 2080 wrote to memory of 1628	2080	Unicorn-64068.exe	41
PID 2080 wrote to memory of 1628	2080	Unicorn-64068.exe	41
PID 2080 wrote to memory of 1628	2080	Unicorn-64068.exe	41
PID 2080 wrote to memory of 1628	2080	Unicorn-64068.exe	41
PID 2588 wrote to memory of 2184	2588	Unicorn-1258.exe	38
PID 2588 wrote to memory of 2184	2588	Unicorn-1258.exe	38
PID 2588 wrote to memory of 2184	2588	Unicorn-1258.exe	38
PID 2588 wrote to memory of 2184	2588	Unicorn-1258.exe	38
PID 2052 wrote to memory of 2364	2052	Unicorn-9509.exe	43
PID 2052 wrote to memory of 2364	2052	Unicorn-9509.exe	43
PID 2052 wrote to memory of 2364	2052	Unicorn-9509.exe	43
PID 2052 wrote to memory of 2364	2052	Unicorn-9509.exe	43
PID 2880 wrote to memory of 1576	2880	Unicorn-44875.exe	42
PID 2880 wrote to memory of 1576	2880	Unicorn-44875.exe	42
PID 2880 wrote to memory of 1576	2880	Unicorn-44875.exe	42
PID 2880 wrote to memory of 1576	2880	Unicorn-44875.exe	42
PID 2172 wrote to memory of 2860	2172	Unicorn-59896.exe	44
PID 2172 wrote to memory of 2860	2172	Unicorn-59896.exe	44
PID 2172 wrote to memory of 2860	2172	Unicorn-59896.exe	44
PID 2172 wrote to memory of 2860	2172	Unicorn-59896.exe	44

C:\Users\Admin\AppData\Local\Temp\5bad4185da6947d79d79bbb57c99d370N.exe
"C:\Users\Admin\AppData\Local\Temp\5bad4185da6947d79d79bbb57c99d370N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1258.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1258.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1142.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57234.exe
        7⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        7⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        7⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2488.exe
        7⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43129.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        6⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
        6⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
        6⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        7⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17042.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59549.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
        6⤵
        
        PID:664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51614.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        6⤵
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4005.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        5⤵
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30127.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17247.exe
        5⤵
        
        PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54333.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        7⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31359.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        6⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6764.exe
        6⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20482.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28070.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56823.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
        6⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21925.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18873.exe
        6⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exe
        5⤵
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46732.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46077.exe
        5⤵
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
        6⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe
        6⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        5⤵
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61079.exe
        5⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
      4⤵
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
        5⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        5⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61671.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        5⤵
        
        PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
      4⤵
      PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
      4⤵
      PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
      4⤵
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
      4⤵
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
      4⤵
      PID:4280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63508.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
        7⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
        6⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
        6⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40597.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        6⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        6⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47551.exe
        6⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14981.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        5⤵
        
        PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        5⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42692.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51606.exe
        5⤵
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32521.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31796.exe
        5⤵
        Executes dropped EXE
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18661.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        5⤵
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
        5⤵
        
        PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
      4⤵
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57089.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe
        5⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24822.exe
        5⤵
        
        PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1266.exe
      4⤵
      PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
      4⤵
      PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe
      4⤵
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
      4⤵
      PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-482.exe
        6⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
        5⤵
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
        5⤵
        
        PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        5⤵
        
        PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        5⤵
        
        PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        5⤵
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        5⤵
        
        PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
      4⤵
      PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
      4⤵
      PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15917.exe
      4⤵
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
      4⤵
      PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
      4⤵
      PID:4924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16830.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
        5⤵
        
        PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
      4⤵
      PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25422.exe
      4⤵
      PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
      4⤵
      PID:4948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
      4⤵
      PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14899.exe
      4⤵
      PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
    3⤵
    PID:1956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe
    3⤵
    PID:2852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28507.exe
    3⤵
    PID:3112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
    3⤵
    PID:5044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25937.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16638.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        7⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61671.exe
        7⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        7⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        6⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13108.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        6⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        6⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        6⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55380.exe
        5⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60830.exe
        5⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
        6⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31931.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47551.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
        6⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        5⤵
        
        PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20092.exe
        5⤵
        
        PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        5⤵
        
        PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
        5⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
        5⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
        5⤵
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
        5⤵
        
        PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
      4⤵
      PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
      4⤵
      PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
      4⤵
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
      4⤵
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
      4⤵
      PID:5092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
        6⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
        6⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28385.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        5⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36565.exe
        5⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
        5⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        5⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61671.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
        5⤵
        
        PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39620.exe
      4⤵
      PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
      4⤵
      PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
      4⤵
      PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19806.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        6⤵
        
        PID:656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        6⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28472.exe
        6⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        5⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        5⤵
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
        5⤵
        
        PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11396.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
        5⤵
        
        PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
      4⤵
      PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
      4⤵
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
      4⤵
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12607.exe
      4⤵
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
      4⤵
      PID:4560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34307.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
      4⤵
      PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
      4⤵
      PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
      4⤵
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27941.exe
      4⤵
      PID:4148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
    3⤵
    PID:1176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
    3⤵
    PID:1212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
    3⤵
    PID:4064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
    3⤵
    PID:3800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe
    3⤵
    PID:4724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59329.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59329.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59896.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7654.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        7⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
        7⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        6⤵
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54136.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10847.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49922.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41108.exe
        6⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14877.exe
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        6⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9788.exe
        5⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21803.exe
        5⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2073.exe
        5⤵
        
        PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14431.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        5⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        6⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30699.exe
        6⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
        6⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        6⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        5⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2107.exe
        6⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        6⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12077.exe
        6⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        6⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
        5⤵
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61079.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        5⤵
        
        PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
      4⤵
      PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
      4⤵
      PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
      4⤵
      PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59657.exe
      4⤵
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51502.exe
      4⤵
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44356.exe
      4⤵
      PID:5080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21831.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14499.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
        5⤵
        
        PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        5⤵
        
        PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56077.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
        5⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        5⤵
        
        PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
      4⤵
      PID:692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
      4⤵
      PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59228.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34540.exe
      4⤵
      PID:4792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
      4⤵
      PID:588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47835.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
      4⤵
      PID:4832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
    3⤵
    PID:3008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1257.exe
    3⤵
    PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
    3⤵
    PID:3464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
    3⤵
    PID:3108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
    3⤵
    PID:4864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        5⤵
        
        PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16803.exe
      4⤵
      PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33021.exe
      4⤵
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61790.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41108.exe
      4⤵
      PID:3904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
      4⤵
      PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56652.exe
      4⤵
      PID:4900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
    3⤵
    PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
    3⤵
    PID:2356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45451.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
    3⤵
    PID:5112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49772.exe
      4⤵
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
      4⤵
      PID:4132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
    3⤵
    PID:1352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
    3⤵
    PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
    3⤵
    PID:3680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12602.exe
    3⤵
    PID:4824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61753.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61753.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
    3⤵
    PID:3632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46098.exe
    3⤵
    PID:3196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23623.exe
    3⤵
    PID:4940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe
  2⤵
  PID:2512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52674.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52674.exe
  2⤵
  PID:2272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
  2⤵
  PID:3892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1012.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1012.exe
  2⤵
  PID:5100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe

Filesize
468KB

MD5
3198b39775c3b4b093f21042fa37add8

SHA1
90041065da8d877d6a9d209fd5dcfbbbef414849

SHA256
d2cbb50d811289b6fd333c9a978f14d0669c68f34851b161f67fbce882e9de11

SHA512
b293b89181cf94d3506efb5a46121c6853681b10deac8208ff40027be1aee6587a8f9ad8b4899e2feabd6376f26dc1ac8e57ad678bb56957d63dba2d78183c57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe

Filesize
468KB

MD5
72ab4775efdbc83da935399c860bdb7f

SHA1
d09c29dfa07409126bba65884b54097e8d79d527

SHA256
acda5b6e181736df0fc0798d51e5d35f4bae4bb94111b98ece65e858e838cb0f

SHA512
4a89ce74adb2fb40cd79450b0fcfe37b2602b8e0c3ef38e0ed54c4b976f67da208781ec743dcb95482d42e3051e81909b621405ee65b7b9cc1c56a1f29f7cc93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe

Filesize
468KB

MD5
fad5e88c0ea41a1cf51fcac9fa4712b3

SHA1
2e58247b17c2f8898021da387c08fc7e60b6d0a3

SHA256
ee9e607138c98cca38a42d8183b380c575c51c912e6857332907bbcfca2d66b6

SHA512
291111c7d2b624f64ed8ce0079f819f89cb405580bc05068f942b4a83a3cc2d59fa55ee5c5c515be1232c8060f11a6bde72a5596158395f9ed0d76ef5c038812

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe

Filesize
468KB

MD5
750c45bf62482293cac1e1a873dc6fc0

SHA1
7d447c254f372c5b2a9caaa27e41ae0e77afc125

SHA256
a75f783c73a6b6fc4f7c80c8dd92314404d6331ee42048187490b8e8f166f566

SHA512
8cf45f5e53f3a28267d02eaef9862008b2f37e99c3f46110374ad7911e12ee40ad861e2b250abcc2ae0141ebf4e2e72c6f206ca7405cf6933c86afc0f0e2719f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe

Filesize
468KB

MD5
250f26b740d493075e1bc636b83eb2aa

SHA1
84ad4345bde01f5a63a365816815fc48c120748a

SHA256
8b7e9542e22686a1bb64b698c4e50881d6492e2fb553ae08c9389bda5b4270e1

SHA512
b425f82be52d6be3fa99cbd805c72a4b8ff36521d717cd564cc6f288702adee1de887659023333cf10d4280c20417ea16399f30a2375b8fc5e8b4a5f4b81dfd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe

Filesize
468KB

MD5
0c97698729be89146c33b72627e33d3c

SHA1
2be1a7bdce8486994dff68f8ccbcd313b774e96a

SHA256
eb634ff35c4cb7549db9806a305d2d8d42bb63f064c9f9b9dc4cff821031f55e

SHA512
0b7350bcc5b6e6d5fa8ae79dec19e3bbe32072a4aec38db04127f260e3552ffb697e6faed8b187df564dad6a6c32fd520c20c55c1f1da096c5a87f008508a776

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59896.exe

Filesize
468KB

MD5
05b428cbb53f7f61684629685b7d35b6

SHA1
2dd2d74d1b8040a91d90d74e47443dfd70cc244e

SHA256
5fb62c72639329dcd32e3a19f38a070baec96edfd653b6d11833d4ccf6fe17fb

SHA512
c81b334fe8228589ab163a34ee6a19aaaf8feb2e4c0aaf5626b5f38ad4371bb855a0bbff872e81276fa302cfa5c1363fe0779626a9239cb7b1ed4b1b573cbb59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe

Filesize
468KB

MD5
8aa46393aecd96910abbcd3d3e20ada0

SHA1
2403248c93c168d6bbb129b4d634cee17cceb580

SHA256
88f2c7c7802d7f375489e9cf33c8db56102131f1fe0720f0bc818f4ef052e7ce

SHA512
6301096b25c9dabb6a1711b22fb50a91a50190be7b482ff7cb7e06d2e1c292279bdd65d9084b92e1ec8cbb403dcc93bc0b90d6067178a4f450e8c5f5ea3afa1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1258.exe

Filesize
468KB

MD5
e41590624f2dc5ab80159edc8f9f55c3

SHA1
8ba4267f053c710623c2370000c267dae2d39b1e

SHA256
33cc515dcd37571ef199b89f901d54e905cab2c8c183c5b65fb238d706754808

SHA512
2c828ca28574e8dceee93068bce1c6f3932d668aae1dc4b2bf5490144c0769ea6a069af5aa5de82deb5ad4a581163d60c07954ee9e51abe85ed8877a18629fce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21831.exe

Filesize
468KB

MD5
c2a4c027b72c67e0bcdd5436608a47c5

SHA1
8aa9d6b2d10bc3ba962bef50d2497270c0826293

SHA256
dfb23d2df458f845d5500bb2bf54dd47907f47b212617e8ff179781406501f57

SHA512
cf4bc26cce4cf8b248ce2586cfee63a9c8c59fdfbf662cac1f03bee4abe50a3009457ff58e1d7a74ebd14e1a55b68f910b86566a1a5b39a835a2d5dbfe7c70f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe

Filesize
468KB

MD5
322b5fec9c32300f768c1cf5699e63ce

SHA1
a9525cd0426c01dd01d2ddd65789af46ec07f1a3

SHA256
cc3cac896abac7d79004268c6cef3f34d8fefd6daf48e8c4c8909e019541cff3

SHA512
0eb89a2c586e5d8df0f827a277810c225182e41bd048683a1ec5b993db8e3bf387d29ccd28597278634b9f7137cf4776a14f08e38ffbe23e980e9d789ed035a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe

Filesize
468KB

MD5
eed035cf4f033b79143c049407c8b616

SHA1
da9935ea039a4eb069df04a78379f7489dceb6cd

SHA256
5fb39a849ae86e7312df26256028752f4333e726d104adfddd8a22f117440c10

SHA512
af96bcd7b7390552b9b280300d625c6bfedaa1df1a2bb753040d1e49d591b3eeba944d8c559445844bc4390c61fe4321a926a1d162100a6b62595fa3fe27b6b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe

Filesize
468KB

MD5
a58ee0879d149e8f15cf387999d13685

SHA1
8cdcd07e232a27e3ce481c9985bf0c03ef9cd678

SHA256
6d8d5a691b2d776d7038468663c2f67ea414d7164c047bfa7db861712a7caa1f

SHA512
47f80f6708c3a480e2468d01b7086952a8f699cf14ec38e37c236edaa35393cb9c1f699321d7ad9992d42a709811e84519e246fd7c953ac128e36f9847c0106a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59329.exe

Filesize
468KB

MD5
03fe8602379cb6f91c492ea3e9139339

SHA1
34dd0d646facdc58e77089c9236313a077ea7798

SHA256
6bbe7d264aae8cc3db47c6835f172854c42172462e6de86165998f4086b9eada

SHA512
3c29a7747960d2b4421712d4385cd0621676ca970faceea2f86cae7f3b04ab0e2da2ff0144ce6024c35a48462b3b4ba1101e9391fd42d37ac3d8e79b6eb9bb2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe

Filesize
468KB

MD5
e9a12104473d79732b179b79983cb84f

SHA1
67fe2c7a94d2419969a134419c8d94168db4e655

SHA256
8f334691788d86d76c8e1e4456dd234818987bc6e53e337fd3440ffaa53a3ef8

SHA512
5cd8798538dfd5d75f4c1c8fa7b25015b4037b3383e2461bfd597f057c1e017a99032e3581450586a6dd492534ca62c53cfb531a51f59aeed3870b7289f2147c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe

Filesize
468KB

MD5
0811c503dacdbcdfa3cea9f5502a1062

SHA1
c76a5eb81662d3ba3e6ba010a11b7f8ac1f48a16

SHA256
21a4c4d9d32f4167ac47498f29d59fd80d752b3e260cfcfc8594b5b70827b641

SHA512
34a57ca75402f850263f66cbdaaad88e2606938db5bb15e3b8934286180d0722489601bfad03decdbfcc2e648bba1fe1c7f2262f3774275ff156537eba94208e

Download Submit