cb55414ea00edeb0ff0d0afa811493a49694bbee2494416f4dd8ca8904325522

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

944cea6c526d4e8be77792894b853450N.exe
Size

468KB
MD5

944cea6c526d4e8be77792894b853450
SHA1

62bf73b4de40b405261f86c24c171f9a5132252f
SHA256

cb55414ea00edeb0ff0d0afa811493a49694bbee2494416f4dd8ca8904325522
SHA512

22f500ff87e706c3c143185ef9b7e97181cb0a1052b3f559f04e39b5fc0b6b8bb13aab8d8bea60a2dd6f991d3b5467211c26e5e9d2afce7db7aa55e8dec66d71
SSDEEP

3072:OzoHogIKI05QtbYvHpcOcfr/GChzP0p9lLHeaVTwlPBL/nDgrOlw:OzIoD8QtsHCOcfxY+RlPdvDgr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2416	Unicorn-19612.exe
2860	Unicorn-54778.exe
2888	Unicorn-17891.exe
2796	Unicorn-33435.exe
1656	Unicorn-45862.exe
2640	Unicorn-31899.exe
1572	Unicorn-61125.exe
2524	Unicorn-4312.exe
2476	Unicorn-37378.exe
2088	Unicorn-53186.exe
2156	Unicorn-59909.exe
1980	Unicorn-40043.exe
832	Unicorn-30117.exe
568	Unicorn-29852.exe
2732	Unicorn-23986.exe
1364	Unicorn-8124.exe
2992	Unicorn-63713.exe
2300	Unicorn-49510.exe
2432	Unicorn-2451.exe
2148	Unicorn-41638.exe
2232	Unicorn-6085.exe
864	Unicorn-41638.exe
524	Unicorn-14620.exe
1812	Unicorn-885.exe
1668	Unicorn-20485.exe
1860	Unicorn-9131.exe
1804	Unicorn-24591.exe
760	Unicorn-20018.exe
1460	Unicorn-44659.exe
560	Unicorn-40652.exe
2392	Unicorn-58524.exe
2180	Unicorn-37627.exe
1096	Unicorn-64357.exe
876	Unicorn-1856.exe
1564	Unicorn-17355.exe
2196	Unicorn-56973.exe
2848	Unicorn-26448.exe
2884	Unicorn-51091.exe
2844	Unicorn-46711.exe
2836	Unicorn-5071.exe
2948	Unicorn-10908.exe
2652	Unicorn-5839.exe
2220	Unicorn-58870.exe
2832	Unicorn-52740.exe
2712	Unicorn-58870.exe
2292	Unicorn-58870.exe
1248	Unicorn-37660.exe
2192	Unicorn-34322.exe
1052	Unicorn-60115.exe
1680	Unicorn-6628.exe
3028	Unicorn-53068.exe
2448	Unicorn-64677.exe
2008	Unicorn-28331.exe
2676	Unicorn-8465.exe
2136	Unicorn-44406.exe
2984	Unicorn-48232.exe
3000	Unicorn-48232.exe
1800	Unicorn-62705.exe
2284	Unicorn-62705.exe
2424	Unicorn-63804.exe
2512	Unicorn-22051.exe
284	Unicorn-41652.exe
2452	Unicorn-22051.exe
2080	Unicorn-19328.exe

Loads dropped DLL 64 IoCs

pid	Process
2716	944cea6c526d4e8be77792894b853450N.exe
2716	944cea6c526d4e8be77792894b853450N.exe
2416	Unicorn-19612.exe
2716	944cea6c526d4e8be77792894b853450N.exe
2416	Unicorn-19612.exe
2716	944cea6c526d4e8be77792894b853450N.exe
2888	Unicorn-17891.exe
2888	Unicorn-17891.exe
2716	944cea6c526d4e8be77792894b853450N.exe
2716	944cea6c526d4e8be77792894b853450N.exe
2860	Unicorn-54778.exe
2860	Unicorn-54778.exe
2416	Unicorn-19612.exe
2416	Unicorn-19612.exe
2796	Unicorn-33435.exe
2796	Unicorn-33435.exe
2888	Unicorn-17891.exe
2888	Unicorn-17891.exe
2640	Unicorn-31899.exe
2640	Unicorn-31899.exe
1572	Unicorn-61125.exe
1572	Unicorn-61125.exe
2860	Unicorn-54778.exe
2860	Unicorn-54778.exe
1656	Unicorn-45862.exe
1656	Unicorn-45862.exe
2716	944cea6c526d4e8be77792894b853450N.exe
2416	Unicorn-19612.exe
2716	944cea6c526d4e8be77792894b853450N.exe
2416	Unicorn-19612.exe
2524	Unicorn-4312.exe
2524	Unicorn-4312.exe
2796	Unicorn-33435.exe
2796	Unicorn-33435.exe
1980	Unicorn-40043.exe
1980	Unicorn-40043.exe
2860	Unicorn-54778.exe
2860	Unicorn-54778.exe
2156	Unicorn-59909.exe
2476	Unicorn-37378.exe
2476	Unicorn-37378.exe
2732	Unicorn-23986.exe
2732	Unicorn-23986.exe
2156	Unicorn-59909.exe
2888	Unicorn-17891.exe
1572	Unicorn-61125.exe
2416	Unicorn-19612.exe
1572	Unicorn-61125.exe
2888	Unicorn-17891.exe
2416	Unicorn-19612.exe
2088	Unicorn-53186.exe
2088	Unicorn-53186.exe
568	Unicorn-29852.exe
568	Unicorn-29852.exe
2640	Unicorn-31899.exe
2640	Unicorn-31899.exe
2716	944cea6c526d4e8be77792894b853450N.exe
2716	944cea6c526d4e8be77792894b853450N.exe
832	Unicorn-30117.exe
832	Unicorn-30117.exe
1656	Unicorn-45862.exe
1656	Unicorn-45862.exe
1364	Unicorn-8124.exe
1364	Unicorn-8124.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27471.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35943.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57291.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2716	944cea6c526d4e8be77792894b853450N.exe
2416	Unicorn-19612.exe
2888	Unicorn-17891.exe
2860	Unicorn-54778.exe
2796	Unicorn-33435.exe
2640	Unicorn-31899.exe
1656	Unicorn-45862.exe
1572	Unicorn-61125.exe
2524	Unicorn-4312.exe
2476	Unicorn-37378.exe
2156	Unicorn-59909.exe
1980	Unicorn-40043.exe
568	Unicorn-29852.exe
832	Unicorn-30117.exe
2088	Unicorn-53186.exe
2732	Unicorn-23986.exe
1364	Unicorn-8124.exe
2992	Unicorn-63713.exe
2300	Unicorn-49510.exe
2432	Unicorn-2451.exe
2232	Unicorn-6085.exe
524	Unicorn-14620.exe
864	Unicorn-41638.exe
2148	Unicorn-41638.exe
1860	Unicorn-9131.exe
1812	Unicorn-885.exe
1668	Unicorn-20485.exe
1804	Unicorn-24591.exe
1460	Unicorn-44659.exe
560	Unicorn-40652.exe
760	Unicorn-20018.exe
2392	Unicorn-58524.exe
2180	Unicorn-37627.exe
1096	Unicorn-64357.exe
876	Unicorn-1856.exe
1564	Unicorn-17355.exe
2196	Unicorn-56973.exe
2848	Unicorn-26448.exe
2948	Unicorn-10908.exe
2836	Unicorn-5071.exe
2884	Unicorn-51091.exe
2652	Unicorn-5839.exe
2844	Unicorn-46711.exe
2220	Unicorn-58870.exe
2292	Unicorn-58870.exe
2832	Unicorn-52740.exe
2712	Unicorn-58870.exe
1248	Unicorn-37660.exe
2192	Unicorn-34322.exe
1052	Unicorn-60115.exe
3028	Unicorn-53068.exe
2448	Unicorn-64677.exe
1680	Unicorn-6628.exe
2136	Unicorn-44406.exe
2984	Unicorn-48232.exe
2676	Unicorn-8465.exe
2284	Unicorn-62705.exe
2008	Unicorn-28331.exe
3000	Unicorn-48232.exe
1800	Unicorn-62705.exe
2424	Unicorn-63804.exe
2512	Unicorn-22051.exe
2452	Unicorn-22051.exe
284	Unicorn-41652.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2416	2716	944cea6c526d4e8be77792894b853450N.exe	29
PID 2716 wrote to memory of 2416	2716	944cea6c526d4e8be77792894b853450N.exe	29
PID 2716 wrote to memory of 2416	2716	944cea6c526d4e8be77792894b853450N.exe	29
PID 2716 wrote to memory of 2416	2716	944cea6c526d4e8be77792894b853450N.exe	29
PID 2416 wrote to memory of 2860	2416	Unicorn-19612.exe	30
PID 2416 wrote to memory of 2860	2416	Unicorn-19612.exe	30
PID 2416 wrote to memory of 2860	2416	Unicorn-19612.exe	30
PID 2416 wrote to memory of 2860	2416	Unicorn-19612.exe	30
PID 2716 wrote to memory of 2888	2716	944cea6c526d4e8be77792894b853450N.exe	31
PID 2716 wrote to memory of 2888	2716	944cea6c526d4e8be77792894b853450N.exe	31
PID 2716 wrote to memory of 2888	2716	944cea6c526d4e8be77792894b853450N.exe	31
PID 2716 wrote to memory of 2888	2716	944cea6c526d4e8be77792894b853450N.exe	31
PID 2888 wrote to memory of 2796	2888	Unicorn-17891.exe	32
PID 2888 wrote to memory of 2796	2888	Unicorn-17891.exe	32
PID 2888 wrote to memory of 2796	2888	Unicorn-17891.exe	32
PID 2888 wrote to memory of 2796	2888	Unicorn-17891.exe	32
PID 2716 wrote to memory of 1656	2716	944cea6c526d4e8be77792894b853450N.exe	33
PID 2716 wrote to memory of 1656	2716	944cea6c526d4e8be77792894b853450N.exe	33
PID 2716 wrote to memory of 1656	2716	944cea6c526d4e8be77792894b853450N.exe	33
PID 2716 wrote to memory of 1656	2716	944cea6c526d4e8be77792894b853450N.exe	33
PID 2860 wrote to memory of 2640	2860	Unicorn-54778.exe	34
PID 2860 wrote to memory of 2640	2860	Unicorn-54778.exe	34
PID 2860 wrote to memory of 2640	2860	Unicorn-54778.exe	34
PID 2860 wrote to memory of 2640	2860	Unicorn-54778.exe	34
PID 2416 wrote to memory of 1572	2416	Unicorn-19612.exe	35
PID 2416 wrote to memory of 1572	2416	Unicorn-19612.exe	35
PID 2416 wrote to memory of 1572	2416	Unicorn-19612.exe	35
PID 2416 wrote to memory of 1572	2416	Unicorn-19612.exe	35
PID 2796 wrote to memory of 2524	2796	Unicorn-33435.exe	36
PID 2796 wrote to memory of 2524	2796	Unicorn-33435.exe	36
PID 2796 wrote to memory of 2524	2796	Unicorn-33435.exe	36
PID 2796 wrote to memory of 2524	2796	Unicorn-33435.exe	36
PID 2888 wrote to memory of 2476	2888	Unicorn-17891.exe	37
PID 2888 wrote to memory of 2476	2888	Unicorn-17891.exe	37
PID 2888 wrote to memory of 2476	2888	Unicorn-17891.exe	37
PID 2888 wrote to memory of 2476	2888	Unicorn-17891.exe	37
PID 2640 wrote to memory of 2088	2640	Unicorn-31899.exe	38
PID 2640 wrote to memory of 2088	2640	Unicorn-31899.exe	38
PID 2640 wrote to memory of 2088	2640	Unicorn-31899.exe	38
PID 2640 wrote to memory of 2088	2640	Unicorn-31899.exe	38
PID 1572 wrote to memory of 2156	1572	Unicorn-61125.exe	39
PID 1572 wrote to memory of 2156	1572	Unicorn-61125.exe	39
PID 1572 wrote to memory of 2156	1572	Unicorn-61125.exe	39
PID 1572 wrote to memory of 2156	1572	Unicorn-61125.exe	39
PID 2860 wrote to memory of 1980	2860	Unicorn-54778.exe	40
PID 2860 wrote to memory of 1980	2860	Unicorn-54778.exe	40
PID 2860 wrote to memory of 1980	2860	Unicorn-54778.exe	40
PID 2860 wrote to memory of 1980	2860	Unicorn-54778.exe	40
PID 1656 wrote to memory of 832	1656	Unicorn-45862.exe	41
PID 1656 wrote to memory of 832	1656	Unicorn-45862.exe	41
PID 1656 wrote to memory of 832	1656	Unicorn-45862.exe	41
PID 1656 wrote to memory of 832	1656	Unicorn-45862.exe	41
PID 2716 wrote to memory of 568	2716	944cea6c526d4e8be77792894b853450N.exe	42
PID 2716 wrote to memory of 568	2716	944cea6c526d4e8be77792894b853450N.exe	42
PID 2716 wrote to memory of 568	2716	944cea6c526d4e8be77792894b853450N.exe	42
PID 2716 wrote to memory of 568	2716	944cea6c526d4e8be77792894b853450N.exe	42
PID 2416 wrote to memory of 2732	2416	Unicorn-19612.exe	43
PID 2416 wrote to memory of 2732	2416	Unicorn-19612.exe	43
PID 2416 wrote to memory of 2732	2416	Unicorn-19612.exe	43
PID 2416 wrote to memory of 2732	2416	Unicorn-19612.exe	43
PID 2524 wrote to memory of 1364	2524	Unicorn-4312.exe	44
PID 2524 wrote to memory of 1364	2524	Unicorn-4312.exe	44
PID 2524 wrote to memory of 1364	2524	Unicorn-4312.exe	44
PID 2524 wrote to memory of 1364	2524	Unicorn-4312.exe	44

C:\Users\Admin\AppData\Local\Temp\944cea6c526d4e8be77792894b853450N.exe
"C:\Users\Admin\AppData\Local\Temp\944cea6c526d4e8be77792894b853450N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        8⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1012.exe
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5164.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
        7⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30870.exe
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58993.exe
        7⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26449.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26248.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
        7⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        7⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe
        6⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        6⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
        6⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49627.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21060.exe
        6⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
        7⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29004.exe
        7⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe
        6⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44406.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43701.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28072.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35812.exe
        6⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51742.exe
        5⤵
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
        5⤵
        
        PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58877.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
        7⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7075.exe
        6⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        6⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
        6⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
        6⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38213.exe
        6⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3084.exe
        6⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
        6⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
        5⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10802.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54646.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        5⤵
        
        PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2451.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55449.exe
        6⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24503.exe
        7⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        7⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
        6⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
        5⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        5⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        5⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        6⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        6⤵
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29004.exe
        6⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27985.exe
        5⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52672.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        5⤵
        
        PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
      4⤵
      PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
      4⤵
      PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
      4⤵
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
      4⤵
      PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48232.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9324.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        7⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5571.exe
        6⤵
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
        6⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58086.exe
        5⤵
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
        5⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
        5⤵
        
        PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        6⤵
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43084.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        6⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30870.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36133.exe
        6⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe
        5⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        5⤵
        
        PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52740.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39960.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
        5⤵
        
        PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24765.exe
      4⤵
      PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
      4⤵
      PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38110.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
      4⤵
      PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31668.exe
      4⤵
      PID:4908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48232.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47907.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        6⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
        5⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
        5⤵
        
        PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
        5⤵
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
        5⤵
        
        PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12940.exe
      4⤵
      PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
      4⤵
      PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
      4⤵
      PID:4636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64216.exe
      4⤵
      PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56844.exe
      4⤵
      PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
      4⤵
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
      4⤵
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1012.exe
      4⤵
      PID:4768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25301.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
    3⤵
    PID:1640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
    3⤵
    PID:3732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23006.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
        7⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        8⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        8⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39534.exe
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65523.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53612.exe
        6⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        6⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        6⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46966.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19003.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        7⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33011.exe
        7⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        6⤵
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        6⤵
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15818.exe
        6⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27866.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        6⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        6⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54020.exe
        5⤵
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        5⤵
        
        PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        8⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe
        7⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
        6⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
        6⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25030.exe
        6⤵
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11103.exe
        6⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
        6⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33011.exe
        6⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
        5⤵
        
        PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54646.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        5⤵
        
        PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40371.exe
        6⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39960.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
        6⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
        5⤵
        
        PID:264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        5⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        5⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41652.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
        5⤵
        
        PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
        5⤵
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        5⤵
        
        PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
      4⤵
      PID:664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53277.exe
      4⤵
      PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
      4⤵
      PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
      4⤵
      PID:4776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37378.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
        6⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5056.exe
        6⤵
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43420.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        5⤵
        
        PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        5⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        5⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        5⤵
        
        PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
        5⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        5⤵
        
        PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
      4⤵
      PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35412.exe
      4⤵
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43420.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
      4⤵
      PID:4500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
      4⤵
      Executes dropped EXE
      PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
      4⤵
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8630.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
      4⤵
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
      4⤵
      PID:4132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
    3⤵
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
      4⤵
      PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29004.exe
      4⤵
      PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22454.exe
    3⤵
    PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54832.exe
    3⤵
    PID:3512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35943.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38955.exe
    3⤵
    PID:4824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
    3⤵
    PID:4660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
        6⤵
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        6⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        6⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        6⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
        5⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        5⤵
        
        PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
        5⤵
        
        PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46711.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        5⤵
        
        PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        5⤵
        
        PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
      4⤵
      PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47467.exe
      4⤵
      PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
      4⤵
      PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58524.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        5⤵
        
        PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        5⤵
        
        PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47267.exe
        5⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        5⤵
        
        PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
      4⤵
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
        5⤵
        
        PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41766.exe
      4⤵
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
      4⤵
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
      4⤵
      PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30690.exe
      4⤵
      PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
      4⤵
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20530.exe
      4⤵
      PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
    3⤵
    PID:2804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
    3⤵
    PID:1756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
    3⤵
    PID:3908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
    3⤵
    PID:2084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64875.exe
    3⤵
    PID:4448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6320.exe
        5⤵
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57414.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
        5⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        5⤵
        
        PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
      4⤵
      PID:976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37390.exe
      4⤵
      PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
      4⤵
      PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
      4⤵
      PID:4888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18193.exe
      4⤵
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
      4⤵
      PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6484.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
    3⤵
    PID:3288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
    3⤵
    PID:3604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
    3⤵
    PID:4240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
      4⤵
      PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
      4⤵
      PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
      4⤵
      PID:4348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
    3⤵
    PID:2044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
    3⤵
    PID:1500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
    3⤵
    PID:3784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
    3⤵
    PID:3380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
    3⤵
    PID:4116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe
    3⤵
    PID:3500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
    3⤵
    PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
    3⤵
    PID:4424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
  2⤵
  PID:2672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48811.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48811.exe
  2⤵
  PID:2268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28310.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28310.exe
  2⤵
  PID:3872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8735.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8735.exe
  2⤵
  PID:3108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
  2⤵
  PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe

Filesize
468KB

MD5
ef9e52b15a0316b6efafedfa0b58545f

SHA1
a7bfcdc2d864a136d861f7c963b7275416e82356

SHA256
4ef3dddf7961e68641815889987bc3ebaea0a5025134df46215601808c66c1b6

SHA512
2e0dba7d61b2543f9aafecd9f8862cc439f798a827c147cfb23f06146020c6a2620f62e13714ef7417eef77ccb689ef0da4edd8a9c59141e188fd9f3aeb6a10c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28310.exe

Filesize
468KB

MD5
d611472d9e36e9469ef8c0d17c273b98

SHA1
187724f0442dff875aed1ac59ed4957ff08a577c

SHA256
b79a2e7f30e73d85d0c012eb3a3b6161e596d41eec84aba3299a3df8d2f84827

SHA512
6338cc6c11bcbdaf342861ee3741aefb5d7fb3494f4c3355aeda5086598f000f97d0a5ac0bbb3512714a0c874b9f50dfc310c9d50631f00d478f4949c04cd3fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe

Filesize
468KB

MD5
3efe61e73a06473c3d60954798ed78d2

SHA1
770560488b03210a81e9104a3f843d0bee179188

SHA256
23cfc97d4af7e201b5250bcc3041e562ef4fced00c518a577e945b7d06e01216

SHA512
8ee4b02a194124115383bb1f95ae3562428128ce9a76d66d18ba4bb90495b95434daffb6a2c26dc991f941c1960e60d67d520872c8fa750b14f12e2e61bb76ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe

Filesize
468KB

MD5
11b64cad9b17c28e33c7fe5c0b1cee30

SHA1
e5b9ea09c5e92c6bdede664f8f7bb1d04420c959

SHA256
6cf261643fb20625d7c11be008c034ace6247c12950b65ad0335dae805e1e9f5

SHA512
07c9d063c1edf1a79f6277fdf42ee74a892ebb05d3e1031e7e43d0370cf43e666a447b692d054b3657019335c74241dc47ca2930fcd798035d36652b241fd486

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe

Filesize
468KB

MD5
e71390ff86d4423aa9858ccf8d5e1a3f

SHA1
291e90a27e61a219f5ae34ab1951e66f43e22b2b

SHA256
70b7184b830adae92c38c435ad8cf5d43045cd5c67c2521b3a4806d30603d8e7

SHA512
0d7d0595275b70bd97ba9580f6efd849b7911ef0ce9c6f4cfe2d0c8afa08145f23e1bce045167b105465f6e698d88a6e4154e5343c7a25948db1f655f4aa346e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe

Filesize
468KB

MD5
5f762c07cf0a76ff22297e3330625aac

SHA1
ce8147c1eb8beb12a7b832ce130fa8ef5e8eeacd

SHA256
c43591ddab0595a4081cf23a6eaf3ccdedac64e370e6c577d6f28ecf0b45b132

SHA512
28a12bb9e7c07e65b4da82729c94a31b6409f83d2d880bd8825a882c8524a90fbde46dbd5efa3e1821ef33acb007779f614fb3a12e9465cc7e87f43468a0e06f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe

Filesize
468KB

MD5
24ea8c0bbabf4bc725859db0acefd0eb

SHA1
dc1189abff4168f91ffd56960cef0631ac3d1976

SHA256
7e6f16fc4fec1d86fd2f97468699277c06bfcd079d989bf352e73dfea327a7d2

SHA512
1eeb36a1c08f39eca22dff33a81874cc806a7a52c00a6f9eff080cc62df91f60ba62e54387cb73fbba18f11754b98ed7f9153349e0c957d54953e028946c6c5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe

Filesize
468KB

MD5
51e0fec658b5df8af815405348fc6bcf

SHA1
bb71122ef9c3ae04430b600a08be95dbe3a4a27f

SHA256
c53e2f241665ed511c552f7cf3a6c3d29f10ead83a4d68a29ac01d3b01b3a59e

SHA512
8d354ce8a8c339966f3950271479ca905654561afe417188907fe4ae5366e203c8356db9b1387a004e3c670c028b2e29a077ad6e80700859356277b7212a4350

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2451.exe

Filesize
468KB

MD5
60150fcba858a0c6b9b92852652cf3e8

SHA1
a151754a02e0ee9228fd7e659312dc2640e71d99

SHA256
ff60d8c89b0f51bb7a985b126685a5a2841b33d29543fae80d7f81a4c6676f4b

SHA512
70d6c63e1bddee6666c4fcbdf08df68577d653088a996f743c35687c3b9d7c008151cf5b6f98bc9da92877b689bb9487a1cf671ecb7003936d0b81a8a6a8f778

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe

Filesize
468KB

MD5
4f3e84e2a9cb6cb1a52dda4dfcd000d8

SHA1
aa1868df077d753bd9a0e594b0d1bd93d6b7ea5f

SHA256
d403640e5953f9164ed5815568eb52b9f10e0a71f3402701a32058defe7cf86c

SHA512
efe2c1df5a1fd6373b3c4b896cbcc728d2e05e5294d0545bb032da7b96e7915d476e6190b3ef0ac6327fda19c375a1500b3abc56919e42b5b94ab0e7cebe8f0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe

Filesize
468KB

MD5
7f47b7b463c56db97a3bb35432d82206

SHA1
354222b11f6cc5feccdfa6539a5ae67ef1167832

SHA256
0dbc98d496f26798ce61b9fa08d296cba168b943be6db733033101889f4bfae8

SHA512
fc35784d8d295d66ad232a289fd90fa56125764ff4707e6c82718e83700baec5d1d9a134c88701815470b93cb6c5efc45b2e6fb94f68907aa2b80c00bc257589

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe

Filesize
468KB

MD5
b8db180619c2249e255b8846d5e858ff

SHA1
18f722a01e89b2dba86fac57b9abe2fd0b25120b

SHA256
89186e1ff6b8db25d197c865116792cdf7fc8013a568b56f58bdde8b7d0f44d1

SHA512
664bf4d6b411e96522fff375d2795e5751a342ec41c9d19a2d7e1eb3d9baf95ed10ec7b286a86dab0dce2fd673cbf634c2337375516fe67d7d5d3e5cef8f86b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37378.exe

Filesize
468KB

MD5
392c1c340ebad980694f8538d8a30223

SHA1
3b10478e8439a7655a83c9b555e473907b781a93

SHA256
acc271f9a01d27ea157ecea053f8235c84e6dc21da9d1f155941bd300204cf93

SHA512
68368368758624bb25ad278c4bf0b150843c293b1e2f808d751bd0046dcef3b1e3cf6bf29300a7db2bea5d06a4ed016a2d73da1899181f4ac52e9134174bd3c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe

Filesize
468KB

MD5
bc24499e35229737bd1cae8de6e25869

SHA1
9785df520f97e15db1d475794be969e13332cd5d

SHA256
9262362987c7c2a7aaf8dfec191bf1d07b8a38dd87a577afdc060a5a77f02442

SHA512
dfe996fa5c9e52d9ef356dc7db3533a388fe13ba38e872ab97cfa4d50f4d81dbb5e794b4e7f4d52b29085a72b7269689ea384d412e9c5d50dfe8edb8ca1a6743

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe

Filesize
468KB

MD5
236d09597613171944e2947062f58745

SHA1
7dde8fc2bc242a9474dfc3bc1757b63ec75dc1f4

SHA256
f4055317c017a56eccc65d36638d8f5f686ca50849c832ea81a117e2f7e8ccc2

SHA512
25005e7a499ef408b3fb4927366cf5bc5ae6c96085f49129a222ed5072d4467f947e7e7498a922360beed6f26eb96305d3015df7753995431a0a2ea5b83571ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe

Filesize
468KB

MD5
61be21ef3c5cca05a63762eacc93e155

SHA1
214fff6a343ea45f82c9956ff13d4509a3659955

SHA256
955086707df4cfce623cbbedf767a498224936865060ffdb848ce492077fcf74

SHA512
c686e1fdde245f05b5dc4cba90f94b8dd880c71330ecf104cd30cc43ba4fa3a4834069d4aa74e17a027bfa401f6b45e2ef6c60cd7d680ecc2d7e44212b9a2851

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe

Filesize
468KB

MD5
5bea55b542d6e175b56a22de944b766d

SHA1
a5182fb42df020564a05f167c98dd49618032e02

SHA256
0062887eb11c8d9d6238cd797b5f12b530bfb4efc91ab4905173260c66694bca

SHA512
3c69497eaded8ef6ef13ddc503a09762b8c6fb3d806d0028f8b4bd78ffcae9307174f7aa44aaebb1b03f940a850ebe70e11d40121cd75dc38c8382fee12db676

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe

Filesize
468KB

MD5
7288725ab73e49ba1a3a046c11ba2768

SHA1
9d4f482828c150655188e239cddb9d1b3db8aa39

SHA256
8739bc4bf6af131e3fa097fbcbba2dfa60deeb4f73bc6ccc72b38b7d5cd707d7

SHA512
ea5828adc658628ec61064f37b151aa7981d863adad8eecadf1f2b59bf2bca03b8b5fd9925dec9b7e607de9e38fad8e1980a29a4f95eee7ae929e47b53d0a4d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe

Filesize
468KB

MD5
b668c60b0ee01cdcdd6612036b4fc4ee

SHA1
4278bfa052120dd4c5da8449a49c1c951158063a

SHA256
1bcf3b886a7219986e59c441a60d7fadad602c73ff4be1eab3b90e6cde40833f

SHA512
8f97581ea31980c4b7d76ae04039f3ccd3355c702df378f7c216e0bbe6bcc7f7f976365a51ed484e3382d84df48d33974cedad12307761599b437c53dcd8311d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe

Filesize
468KB

MD5
fb1be03683aaafd5f04426cf1c946d3e

SHA1
2e7fd699b4b58529e23721bd4aca233b87c49c0a

SHA256
52e474d373622712dfa7e2e8bf4cf85646d1648d8542e97977cdedcb4d319251

SHA512
f7a8d47477f757ecbf9aaea5655987f84b446c09a8e588137efa44fa81843cab2ebd3059230115e370ae14a68590a4484ecc605f1b34d60d85c1c847646bf46d

Download Submit