80c8af95b6b9dc0056abb72d55add0b72c9561594113482df9773d49b17856db

Analysis

max time kernel
117s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 21:31 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2aa7c09911c680070ef0d49a3e884ad0N.exe
Size

468KB
MD5

2aa7c09911c680070ef0d49a3e884ad0
SHA1

570499a51babcc3345a4988463c6cbbd538d8b2d
SHA256

80c8af95b6b9dc0056abb72d55add0b72c9561594113482df9773d49b17856db
SHA512

c411dd0c58757d5bf4cae6e118e53a4642c785449414369d73af2aeef63a8a71d7f22f83bfa06a097528fe9451626ff7a46c4d0b0e60ec2e3d4307a6e70becd5
SSDEEP

3072:WldSogdEIc5A8bYGofjcff8wAaJBHpnLJEHCgdSX2ZDIhDGDFAfr:WlUoE0A85orcffnBxj2Zs1GDF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2364	Unicorn-47931.exe
2160	Unicorn-9695.exe
2784	Unicorn-28724.exe
1824	Unicorn-61444.exe
2816	Unicorn-5658.exe
2716	Unicorn-40469.exe
764	Unicorn-11588.exe
2228	Unicorn-27807.exe
2544	Unicorn-52211.exe
2396	Unicorn-17309.exe
2276	Unicorn-9140.exe
2896	Unicorn-37406.exe
2040	Unicorn-57007.exe
1540	Unicorn-60541.exe
2328	Unicorn-46727.exe
2128	Unicorn-3577.exe
2144	Unicorn-54459.exe
2412	Unicorn-48502.exe
1828	Unicorn-44994.exe
2968	Unicorn-36063.exe
3024	Unicorn-39518.exe
3016	Unicorn-59384.exe
2452	Unicorn-64023.exe
1908	Unicorn-18352.exe
2408	Unicorn-9991.exe
2348	Unicorn-3861.exe
2860	Unicorn-51024.exe
972	Unicorn-62762.exe
2316	Unicorn-49855.exe
1988	Unicorn-17475.exe
2424	Unicorn-64629.exe
1300	Unicorn-19997.exe
1868	Unicorn-45248.exe
916	Unicorn-22519.exe
2000	Unicorn-22519.exe
2852	Unicorn-42939.exe
2248	Unicorn-44691.exe
2776	Unicorn-64490.exe
2780	Unicorn-13343.exe
2712	Unicorn-16681.exe
2264	Unicorn-23457.exe
1688	Unicorn-39239.exe
2632	Unicorn-39053.exe
3048	Unicorn-655.exe
1732	Unicorn-37677.exe
1400	Unicorn-7562.exe
2104	Unicorn-57028.exe
2008	Unicorn-62793.exe
2420	Unicorn-26842.exe
1864	Unicorn-18381.exe
2460	Unicorn-24512.exe
2524	Unicorn-4646.exe
2948	Unicorn-27204.exe
908	Unicorn-5222.exe
3000	Unicorn-16920.exe
2532	Unicorn-53576.exe
2352	Unicorn-946.exe
2120	Unicorn-19341.exe
1096	Unicorn-35586.exe
1288	Unicorn-30739.exe
1008	Unicorn-28356.exe
1576	Unicorn-28356.exe
1856	Unicorn-28356.exe
1768	Unicorn-47957.exe

Loads dropped DLL 64 IoCs

pid	Process
2260	2aa7c09911c680070ef0d49a3e884ad0N.exe
2260	2aa7c09911c680070ef0d49a3e884ad0N.exe
2364	Unicorn-47931.exe
2364	Unicorn-47931.exe
2260	2aa7c09911c680070ef0d49a3e884ad0N.exe
2260	2aa7c09911c680070ef0d49a3e884ad0N.exe
2784	Unicorn-28724.exe
2784	Unicorn-28724.exe
2364	Unicorn-47931.exe
2364	Unicorn-47931.exe
2160	Unicorn-9695.exe
2160	Unicorn-9695.exe
2260	2aa7c09911c680070ef0d49a3e884ad0N.exe
2260	2aa7c09911c680070ef0d49a3e884ad0N.exe
1824	Unicorn-61444.exe
1824	Unicorn-61444.exe
2364	Unicorn-47931.exe
2364	Unicorn-47931.exe
764	Unicorn-11588.exe
764	Unicorn-11588.exe
2716	Unicorn-40469.exe
2784	Unicorn-28724.exe
2716	Unicorn-40469.exe
2784	Unicorn-28724.exe
2260	2aa7c09911c680070ef0d49a3e884ad0N.exe
2260	2aa7c09911c680070ef0d49a3e884ad0N.exe
2160	Unicorn-9695.exe
2160	Unicorn-9695.exe
2816	Unicorn-5658.exe
2816	Unicorn-5658.exe
2544	Unicorn-52211.exe
2544	Unicorn-52211.exe
2364	Unicorn-47931.exe
2364	Unicorn-47931.exe
2040	Unicorn-57007.exe
2040	Unicorn-57007.exe
2228	Unicorn-27807.exe
2228	Unicorn-27807.exe
2260	2aa7c09911c680070ef0d49a3e884ad0N.exe
2260	2aa7c09911c680070ef0d49a3e884ad0N.exe
1824	Unicorn-61444.exe
1824	Unicorn-61444.exe
2276	Unicorn-9140.exe
2276	Unicorn-9140.exe
2716	Unicorn-40469.exe
1540	Unicorn-60541.exe
2716	Unicorn-40469.exe
1540	Unicorn-60541.exe
2160	Unicorn-9695.exe
2396	Unicorn-17309.exe
2396	Unicorn-17309.exe
2160	Unicorn-9695.exe
2896	Unicorn-37406.exe
2896	Unicorn-37406.exe
764	Unicorn-11588.exe
764	Unicorn-11588.exe
2784	Unicorn-28724.exe
2784	Unicorn-28724.exe
2328	Unicorn-46727.exe
2328	Unicorn-46727.exe
2816	Unicorn-5658.exe
2816	Unicorn-5658.exe
2128	Unicorn-3577.exe
2128	Unicorn-3577.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38747.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2260	2aa7c09911c680070ef0d49a3e884ad0N.exe
2364	Unicorn-47931.exe
2160	Unicorn-9695.exe
2784	Unicorn-28724.exe
1824	Unicorn-61444.exe
2816	Unicorn-5658.exe
2716	Unicorn-40469.exe
764	Unicorn-11588.exe
2544	Unicorn-52211.exe
2228	Unicorn-27807.exe
2276	Unicorn-9140.exe
1540	Unicorn-60541.exe
2040	Unicorn-57007.exe
2396	Unicorn-17309.exe
2896	Unicorn-37406.exe
2328	Unicorn-46727.exe
2128	Unicorn-3577.exe
2144	Unicorn-54459.exe
2412	Unicorn-48502.exe
1828	Unicorn-44994.exe
2968	Unicorn-36063.exe
3024	Unicorn-39518.exe
3016	Unicorn-59384.exe
2452	Unicorn-64023.exe
1908	Unicorn-18352.exe
2408	Unicorn-9991.exe
2860	Unicorn-51024.exe
2348	Unicorn-3861.exe
972	Unicorn-62762.exe
2316	Unicorn-49855.exe
1988	Unicorn-17475.exe
2424	Unicorn-64629.exe
1300	Unicorn-19997.exe
1868	Unicorn-45248.exe
2000	Unicorn-22519.exe
2852	Unicorn-42939.exe
2248	Unicorn-44691.exe
2776	Unicorn-64490.exe
2780	Unicorn-13343.exe
2712	Unicorn-16681.exe
2264	Unicorn-23457.exe
1688	Unicorn-39239.exe
3048	Unicorn-655.exe
2632	Unicorn-39053.exe
1732	Unicorn-37677.exe
1400	Unicorn-7562.exe
2104	Unicorn-57028.exe
2420	Unicorn-26842.exe
1864	Unicorn-18381.exe
2524	Unicorn-4646.exe
908	Unicorn-5222.exe
2008	Unicorn-62793.exe
2460	Unicorn-24512.exe
2948	Unicorn-27204.exe
2532	Unicorn-53576.exe
3000	Unicorn-16920.exe
2352	Unicorn-946.exe
2120	Unicorn-19341.exe
1096	Unicorn-35586.exe
1288	Unicorn-30739.exe
1008	Unicorn-28356.exe
1576	Unicorn-28356.exe
1768	Unicorn-47957.exe
1856	Unicorn-28356.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2364	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	29
PID 2260 wrote to memory of 2364	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	29
PID 2260 wrote to memory of 2364	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	29
PID 2260 wrote to memory of 2364	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	29
PID 2364 wrote to memory of 2160	2364	Unicorn-47931.exe	30
PID 2364 wrote to memory of 2160	2364	Unicorn-47931.exe	30
PID 2364 wrote to memory of 2160	2364	Unicorn-47931.exe	30
PID 2364 wrote to memory of 2160	2364	Unicorn-47931.exe	30
PID 2260 wrote to memory of 2784	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	31
PID 2260 wrote to memory of 2784	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	31
PID 2260 wrote to memory of 2784	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	31
PID 2260 wrote to memory of 2784	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	31
PID 2784 wrote to memory of 2816	2784	Unicorn-28724.exe	32
PID 2784 wrote to memory of 2816	2784	Unicorn-28724.exe	32
PID 2784 wrote to memory of 2816	2784	Unicorn-28724.exe	32
PID 2784 wrote to memory of 2816	2784	Unicorn-28724.exe	32
PID 2364 wrote to memory of 1824	2364	Unicorn-47931.exe	33
PID 2364 wrote to memory of 1824	2364	Unicorn-47931.exe	33
PID 2364 wrote to memory of 1824	2364	Unicorn-47931.exe	33
PID 2364 wrote to memory of 1824	2364	Unicorn-47931.exe	33
PID 2160 wrote to memory of 2716	2160	Unicorn-9695.exe	34
PID 2160 wrote to memory of 2716	2160	Unicorn-9695.exe	34
PID 2160 wrote to memory of 2716	2160	Unicorn-9695.exe	34
PID 2160 wrote to memory of 2716	2160	Unicorn-9695.exe	34
PID 2260 wrote to memory of 764	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	35
PID 2260 wrote to memory of 764	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	35
PID 2260 wrote to memory of 764	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	35
PID 2260 wrote to memory of 764	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	35
PID 1824 wrote to memory of 2228	1824	Unicorn-61444.exe	36
PID 1824 wrote to memory of 2228	1824	Unicorn-61444.exe	36
PID 1824 wrote to memory of 2228	1824	Unicorn-61444.exe	36
PID 1824 wrote to memory of 2228	1824	Unicorn-61444.exe	36
PID 2364 wrote to memory of 2544	2364	Unicorn-47931.exe	37
PID 2364 wrote to memory of 2544	2364	Unicorn-47931.exe	37
PID 2364 wrote to memory of 2544	2364	Unicorn-47931.exe	37
PID 2364 wrote to memory of 2544	2364	Unicorn-47931.exe	37
PID 764 wrote to memory of 2396	764	Unicorn-11588.exe	38
PID 764 wrote to memory of 2396	764	Unicorn-11588.exe	38
PID 764 wrote to memory of 2396	764	Unicorn-11588.exe	38
PID 764 wrote to memory of 2396	764	Unicorn-11588.exe	38
PID 2716 wrote to memory of 2276	2716	Unicorn-40469.exe	39
PID 2716 wrote to memory of 2276	2716	Unicorn-40469.exe	39
PID 2716 wrote to memory of 2276	2716	Unicorn-40469.exe	39
PID 2716 wrote to memory of 2276	2716	Unicorn-40469.exe	39
PID 2784 wrote to memory of 2896	2784	Unicorn-28724.exe	40
PID 2784 wrote to memory of 2896	2784	Unicorn-28724.exe	40
PID 2784 wrote to memory of 2896	2784	Unicorn-28724.exe	40
PID 2784 wrote to memory of 2896	2784	Unicorn-28724.exe	40
PID 2260 wrote to memory of 2040	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	41
PID 2260 wrote to memory of 2040	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	41
PID 2260 wrote to memory of 2040	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	41
PID 2260 wrote to memory of 2040	2260	2aa7c09911c680070ef0d49a3e884ad0N.exe	41
PID 2160 wrote to memory of 1540	2160	Unicorn-9695.exe	42
PID 2160 wrote to memory of 1540	2160	Unicorn-9695.exe	42
PID 2160 wrote to memory of 1540	2160	Unicorn-9695.exe	42
PID 2160 wrote to memory of 1540	2160	Unicorn-9695.exe	42
PID 2816 wrote to memory of 2328	2816	Unicorn-5658.exe	43
PID 2816 wrote to memory of 2328	2816	Unicorn-5658.exe	43
PID 2816 wrote to memory of 2328	2816	Unicorn-5658.exe	43
PID 2816 wrote to memory of 2328	2816	Unicorn-5658.exe	43
PID 2544 wrote to memory of 2128	2544	Unicorn-52211.exe	44
PID 2544 wrote to memory of 2128	2544	Unicorn-52211.exe	44
PID 2544 wrote to memory of 2128	2544	Unicorn-52211.exe	44
PID 2544 wrote to memory of 2128	2544	Unicorn-52211.exe	44

C:\Users\Admin\AppData\Local\Temp\2aa7c09911c680070ef0d49a3e884ad0N.exe
"C:\Users\Admin\AppData\Local\Temp\2aa7c09911c680070ef0d49a3e884ad0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40469.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2537.exe
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6835.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        7⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27204.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        7⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13114.exe
        7⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
        6⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24055.exe
        6⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        6⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40260.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        6⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        7⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42628.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        7⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39404.exe
        6⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
        6⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47957.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        6⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        6⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33726.exe
        6⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58278.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
        5⤵
        
        PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9662.exe
        7⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
        6⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
        6⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        6⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        6⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        6⤵
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
        6⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
        5⤵
        
        PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
        5⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1483.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        5⤵
        
        PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        6⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44261.exe
        6⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe
        6⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
        5⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
        5⤵
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11288.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34257.exe
        5⤵
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
        6⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        6⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        5⤵
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        5⤵
        
        PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
        5⤵
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        5⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
        5⤵
        
        PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22211.exe
      4⤵
      PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
      4⤵
      PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52943.exe
      4⤵
      PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
      4⤵
      PID:4544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
        7⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        7⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41267.exe
        6⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24045.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48729.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
        6⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32353.exe
        6⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35232.exe
        6⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1595.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
        6⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49379.exe
        5⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2570.exe
        5⤵
        
        PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        6⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        6⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35341.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
        5⤵
        
        PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
        5⤵
        
        PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
        5⤵
        
        PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19939.exe
      4⤵
      PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
      4⤵
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13541.exe
      4⤵
      PID:4628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19997.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        6⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
        6⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6835.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        6⤵
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        6⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
        5⤵
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
        5⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44261.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        5⤵
        
        PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22274.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        6⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        6⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53140.exe
        5⤵
        
        PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37487.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        5⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24111.exe
        5⤵
        
        PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18381.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43235.exe
        5⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
        5⤵
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1595.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
        5⤵
        
        PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
      4⤵
      PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16472.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34493.exe
      4⤵
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34324.exe
      4⤵
      PID:4656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        5⤵
        
        PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16617.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21779.exe
        5⤵
        
        PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
      4⤵
      PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61901.exe
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63729.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
      4⤵
      PID:4480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
      4⤵
      PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
      4⤵
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
      4⤵
      PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
      4⤵
      PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
    3⤵
    PID:2220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
    3⤵
    PID:1968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32235.exe
    3⤵
    PID:3384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
    3⤵
    PID:3932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50207.exe
    3⤵
    PID:4728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
        6⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        6⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
        5⤵
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40574.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48921.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
        5⤵
        
        PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64629.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe
        6⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35538.exe
        6⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48236.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
        6⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        5⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        5⤵
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe
        5⤵
        
        PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45591.exe
        5⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
        6⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        6⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44299.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        5⤵
        
        PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49476.exe
      4⤵
      PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30385.exe
      4⤵
      PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
      4⤵
      PID:5032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16681.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        6⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        6⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43339.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
        6⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29014.exe
        5⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
        5⤵
        
        PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        5⤵
        
        PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        5⤵
        
        PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        5⤵
        
        PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
      4⤵
      PID:296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30978.exe
      4⤵
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
      4⤵
      PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49855.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
        5⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        5⤵
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        5⤵
        
        PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37183.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
      4⤵
      PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8690.exe
      4⤵
      PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12339.exe
      4⤵
      PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59649.exe
      4⤵
      PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22072.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
      4⤵
      PID:4956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49476.exe
    3⤵
    PID:2116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
    3⤵
    PID:3948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52943.exe
    3⤵
    PID:4236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38383.exe
        5⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
        5⤵
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        5⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        5⤵
        
        PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53136.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
      4⤵
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
      4⤵
      PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
      4⤵
      PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
      4⤵
      PID:4812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
      4⤵
      PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
      4⤵
      PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
      4⤵
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
      4⤵
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1595.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
      4⤵
      PID:4704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
    3⤵
    PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
    3⤵
    PID:2208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
    3⤵
    PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
    3⤵
    PID:3172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33457.exe
    3⤵
    PID:4916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8232.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        5⤵
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1595.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
        5⤵
        
        PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25123.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
      4⤵
      PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
      4⤵
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
      4⤵
      PID:4768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
      4⤵
      PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
      4⤵
      PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27823.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
      4⤵
      PID:4168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
    3⤵
    PID:2500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35605.exe
    3⤵
    PID:3644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65302.exe
    3⤵
    PID:3380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
    3⤵
    - Executes dropped EXE
    PID:916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4646.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
      4⤵
      PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64096.exe
      4⤵
      PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
      4⤵
      PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1595.exe
      4⤵
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
      4⤵
      PID:4648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47.exe
    3⤵
    PID:1580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6291.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6291.exe
    3⤵
    PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
    3⤵
    PID:3812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
    3⤵
    PID:3076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
    3⤵
    PID:4692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44691.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44691.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
    3⤵
    PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
    3⤵
    PID:2072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
    3⤵
    PID:3700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
    3⤵
    PID:3772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2692.exe
    3⤵
    PID:4688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
  2⤵
  PID:2272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42162.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42162.exe
  2⤵
  PID:2756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
  2⤵
  PID:3796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36331.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36331.exe
  2⤵
  PID:3540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe

Filesize
468KB

MD5
dc4f8e9070ff8c86795eb2b9b0da6cf3

SHA1
a4205469dfcae23348e241c33d330011b5e5ea8e

SHA256
9d5a5cccaf844a2b1736037a10c9e742d62f9919b993186602ddabd66b2a7117

SHA512
068e9c05d28e68392a8214bb51690618c1c19d9f1cd77efae95e3eed0a783eb7b1b5dd5f87ed161155e88c5bfa69cbecbc89bcbb3230f48d4fd4a504eab52c41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe

Filesize
468KB

MD5
d5aac75d0aec29b18178f9be0fa4c595

SHA1
58cdaa30f39d5fd0d551fdf52508cc245278ccdb

SHA256
fd3c38348ccc67bfd4b498c2249e204f1fbec8c077da7a36b6f3afd1795e4d53

SHA512
45e2fe338198f7df4746636e3228a3529051588ef696e48b0920f175dc5d137c870c9fa134be60569ebe5ca787dd430d7a56da97adebf4a9b0d2ad31ea35fd71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe

Filesize
468KB

MD5
f1b163f87fa36cd492109028887bd992

SHA1
70bc8453f1235414eeefcc5851199722b5fa47a3

SHA256
4a2f4c6ebcda9b6bbd45005466b6e6d9152c56444306ddae439d5586ec598c00

SHA512
62d1664a605f8642049928092774f26312f6a37f73781808f62ee3c7566114aeaa424293b29a22bd80b3a35240bf0efbeba7f9a78dae47446fee45e77babd362

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe

Filesize
468KB

MD5
f7251174d848271a85ea032a6ab41c3e

SHA1
7a9ed628aedcabe0c129d791bf7def8232e9836e

SHA256
7e195b8c838d17c171025c81e7cb565530af3935313343d1eec48aa23751c070

SHA512
515e3ea742e762e0bcb01d918574bc300adf3096e48fc3fdd85b85592049a7dfad8793a14ec337d2b55f8ebba25cef9def993532183955cf1ac442a8827d3ccb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe

Filesize
468KB

MD5
a4de37b1b943a5bdba948e1d2f29e866

SHA1
1d198cddbd485a008fd15d0a79c2132f207ada30

SHA256
e2d594da823a57a1e75782cfe553c68824eb645a4346fbc6376eed9cd137c73c

SHA512
74221d424c8a34b3754846c5459d041ddf540bd86575f347415f32e983224cfefc4ba7c0e16a7969ea424b50ed8477db46a078cc8f1e4cb4709611e41701ad85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe

Filesize
468KB

MD5
dc515d2a817e93a51b35101cdfe806b2

SHA1
e56edb480739eb59957fdd013fc4d2bd3d08974d

SHA256
33f6d53ca44e746c4a57a16adfeea06b82a48920c0c6231b661b587a31bd2d85

SHA512
822946bd261c9c179362693d424ee4fd6fea1be21841070eb8037a51bac00cb0e2f0154274f414d0c52420e61f04704926b12f7ff5a93aef601bca47b0e6bbec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe

Filesize
468KB

MD5
f41d50170ba6b91b1ad492c0f5806ee0

SHA1
bf8b9756de5a209311bffe6cfd60008a6ddfa5be

SHA256
ecc1d474789ad846adf27666590e9b7ce01dfb0ea968baf17ca74b4685b319d1

SHA512
c02dc13ce587021d685032e0078961455075f6d3f2bc0d6e8742d1100e892691fae193563de45479caf25f27f96f2ecd31f6fad10f3d95c4d3b059a316a6e8a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe

Filesize
468KB

MD5
52c23dad1f07c13573de35c4656e1c9c

SHA1
7fd057bdb15d6c63b27e168cf89b7c77c1703dca

SHA256
5826b6577ce85bf2b16b4942b8d9ab5040d737aa2e5fc9878b01bb4bd69cf651

SHA512
fa229ca7e17a80ac1802761da8be6c4677ccce7fc94cfd4e82ca033918e889f206ecd9cba5445f5a5869bbd1469b24fbd16158e2340133df5f0a082dabb25d88

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe

Filesize
468KB

MD5
209486effcda2f0e6fb294225bee6cfd

SHA1
2c760b40d496d49e4807e74cfae79170c604f6fc

SHA256
4266689777309dcc43840b0198fd549d64995c466b943c01c2780dc715a069f3

SHA512
7e9d140dddf94e062296913827a64e61f63ace5fa2117fc38d766ffee4509255eba15e69880701833260a5a104b838cedd9c24006d6a74aa25c1f3a165150646

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe

Filesize
468KB

MD5
57748521c764c64ca58b1ae4605d77e8

SHA1
042f026ea83a194340ceff1d0a52e581c6d1ad85

SHA256
018678682fe4dd0b56a11ee9b3e9d90c8906b0fb95cf0d2c3859afb7bac4b011

SHA512
898dfae8d4f45883852591c4a63bfc98818a49f9515d20f3993584d578cc8e5204cea2a3ed4f571b071234e08d2b4581d0c7eee4fbfe44916c98e630084f674d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40469.exe

Filesize
468KB

MD5
f54b3945f565095c210582040c9e08a5

SHA1
d1b31fb2bab1ac325b1c46d11e0aaf9f0080bd1a

SHA256
e699f47ed22c4060306cd3c952d2dd283f9c0832f22028084550c5ba35aa7c40

SHA512
2673b332af4a32603007c3d30aeb7dcfc129c5c5e89bd36360fc7b14d058f72b96b6108416d70f34104537e2b18f6131c834c183c4110752ba2387392219c1fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe

Filesize
468KB

MD5
65fd39523c5b01bbcb7575d7f92dd5a9

SHA1
fc7b6d9f7454a786803f50801490b22b10ccdf33

SHA256
e727e1f772d9040fee3cb091ebfa9ad9ec916c1d4d2a463eae1558385a04b853

SHA512
8e5cd7263a69b54dbda3d88770df5ea3f0a61bf69e6d0073d26cfeb993f22b364067e7ef419dff4adad9ad10dbb85fd86d4cc5dc7cda42849ce7433e91c259cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe

Filesize
468KB

MD5
0102b789fbdb33de5329ab5ae968839f

SHA1
15a23b76288f9e2708492c8b62d83e854f8036e5

SHA256
318859113099daa337003fc9487711db1355b944674d0b5ff138c172fdb96c4c

SHA512
e2579fb42be10375d57ba29bc9a3f225ba95a0aebba1474c8afb1d13f184b0d7e256c239b80d14bb76da02a7fbaad2d09180038c419f5a1f054a12be1d4b62db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe

Filesize
468KB

MD5
44d8d7d45ba384697620a47b316e287c

SHA1
73324cf4996a389cef5beb61dc2a9e1bb2bef840

SHA256
8551f19fdc21687896aa34ce58d46011e9d800f251e28c9b8cc20134aa444d60

SHA512
99568e3fbe90db7fb25e663f52b6e2b71a1fb4061c87ce2e0cdab549581a4b31974997a9002e5e211647b0e954de59e31a4be8d8de39bec22b314e2ce772711e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe

Filesize
468KB

MD5
32ecd946b4b49b28d7f0b63881f3ed06

SHA1
faf6fd15b60a3b1f33d66d0bdbaa60ba776d83da

SHA256
3082284e2fde1173d42cd322509e3e61a42741affdad2009d68eb7b7ebeba823

SHA512
6858129a1bdfb81d57c63d091aae6f8faf7cedcd45b5299b39d6da2d652f3aeafcf88d1ee247251c6b785737121e8d2f49233f1f566b40af5532746c836c8cc7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe

Filesize
468KB

MD5
d09089bd47129744ded4a4e0fb04e364

SHA1
d5b5dd2762667a519ddfe8baad810b110b36ec89

SHA256
21d379f29c576a9c298b98a1605f2115c7e2fefb44686c9459f624f6da2714eb

SHA512
d4dd50e15c8cfdc24c53e85d959430db2fff5c37084d225fce22d57e9bc46daad707bb0ef8b590cc4d96622a3e15010407e12d4d2acd502b3f987169564f0e86

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe

Filesize
468KB

MD5
d2bfcd426208ec090270a8b57676366f

SHA1
06041bf01cbcdfb08d7a0a711f3d35ae2ceda83b

SHA256
8716e7872ae4dd26b85f9655615b98fe9bcd6196366376a5ce32431b755249ac

SHA512
201f3f32580895f8324e66e0fa10982e3bd4d3c976203154ff28b64192b0303ec9e8870e95fb26f4935753237c51466db318e337bd0b9f22ca00594abba3fe1e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe

Filesize
468KB

MD5
cdba1046eb0f8dcd964b8598878d7db3

SHA1
0cb69ff7debd3105cb96ddf727d7f0c973d55d21

SHA256
d61dc3f1f7f93e50beed98ae53dc4150d143690de672397d22200c64bc968567

SHA512
eceec797f55b92295ec58c9fb45afd4ca3a7ee7cfae11f4eba278f0257f9e8889d8cdb3d4f128e112f67bffba8b7091df0b4aead3fc8a57b02e7d555f2901a71

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe

Filesize
468KB

MD5
6065c948487ba1a28bbc50ef18f68a14

SHA1
a3fed70473d9bc0610c131b77562079867ebea3e

SHA256
05329670383849ada639bd2177ccf2cdc8636ed01cfec8c72c3ab46bf0bacd63

SHA512
a4927c06feff8fc976cc9f3dcf79e6bd7a43ed73ec1f3a8a57c30a18d3c91fb36c1f1ecb9129888628f0856a1c7cdf579ba7a76b06c9550243ec5366477aa355

Download Submit