01ea7855aab633bd0160d1aad53844891dca94248327525460e0a94f9867b791

Analysis

max time kernel
116s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-09-2024 11:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d6314951ff0dd3813f3c4af3d391fd0N.exe
Size

468KB
MD5

4d6314951ff0dd3813f3c4af3d391fd0
SHA1

0e88eeaa83af0bd74b1d1dd2dd09d2960f4f07e4
SHA256

01ea7855aab633bd0160d1aad53844891dca94248327525460e0a94f9867b791
SHA512

7c08303d713563fe2cb1dbd862138cd77b83d4c7503ddc7d04b67ab64561a879b9fa793e2819ba465484e9e87c17db58adfcab8cb16238ecf4300d1685b16d25
SSDEEP

3072:PbACogId605UtbYSPYam2f8ggpb0PIp2nmHexVbA4f0LyYCW83l6:Pb1oi8UtVPfm2f50UI4fOHCW8

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2956	Unicorn-27651.exe
2848	Unicorn-47915.exe
2976	Unicorn-55336.exe
2752	Unicorn-58481.exe
2808	Unicorn-6073.exe
2660	Unicorn-65480.exe
2712	Unicorn-5751.exe
2616	Unicorn-59991.exe
1080	Unicorn-56078.exe
1268	Unicorn-47355.exe
1052	Unicorn-6130.exe
2940	Unicorn-14298.exe
2544	Unicorn-51802.exe
1476	Unicorn-20420.exe
2448	Unicorn-48050.exe
1744	Unicorn-30116.exe
2312	Unicorn-22310.exe
2424	Unicorn-4480.exe
2356	Unicorn-28793.exe
2232	Unicorn-12456.exe
2536	Unicorn-34722.exe
524	Unicorn-40853.exe
1668	Unicorn-44175.exe
684	Unicorn-16083.exe
1860	Unicorn-24879.exe
1528	Unicorn-52913.exe
600	Unicorn-37921.exe
628	Unicorn-18055.exe
2216	Unicorn-60571.exe
956	Unicorn-17501.exe
2960	Unicorn-26031.exe
3020	Unicorn-62918.exe
2348	Unicorn-51818.exe
2248	Unicorn-31952.exe
1684	Unicorn-13015.exe
1192	Unicorn-56478.exe
2776	Unicorn-9176.exe
2916	Unicorn-29727.exe
2836	Unicorn-50510.exe
2896	Unicorn-8922.exe
2648	Unicorn-14085.exe
2820	Unicorn-43131.exe
2292	Unicorn-6545.exe
1996	Unicorn-59275.exe
2192	Unicorn-43109.exe
1680	Unicorn-5606.exe
2276	Unicorn-19203.exe
2156	Unicorn-3421.exe
1148	Unicorn-56514.exe
2336	Unicorn-10842.exe
964	Unicorn-56322.exe
1940	Unicorn-32140.exe
1100	Unicorn-19696.exe
968	Unicorn-54598.exe
2996	Unicorn-36570.exe
2404	Unicorn-62036.exe
2284	Unicorn-20812.exe
1620	Unicorn-37537.exe
772	Unicorn-26602.exe
656	Unicorn-46468.exe
1020	Unicorn-64650.exe
1676	Unicorn-37916.exe
1460	Unicorn-25280.exe
916	Unicorn-42691.exe

Loads dropped DLL 64 IoCs

pid	Process
2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe
2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe
2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe
2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe
2956	Unicorn-27651.exe
2956	Unicorn-27651.exe
2848	Unicorn-47915.exe
2848	Unicorn-47915.exe
2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe
2976	Unicorn-55336.exe
2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe
2976	Unicorn-55336.exe
2956	Unicorn-27651.exe
2956	Unicorn-27651.exe
2752	Unicorn-58481.exe
2752	Unicorn-58481.exe
2848	Unicorn-47915.exe
2848	Unicorn-47915.exe
2808	Unicorn-6073.exe
2660	Unicorn-65480.exe
2808	Unicorn-6073.exe
2712	Unicorn-5751.exe
2660	Unicorn-65480.exe
2712	Unicorn-5751.exe
2956	Unicorn-27651.exe
2976	Unicorn-55336.exe
2976	Unicorn-55336.exe
2956	Unicorn-27651.exe
2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe
2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe
2616	Unicorn-59991.exe
2616	Unicorn-59991.exe
2752	Unicorn-58481.exe
2752	Unicorn-58481.exe
1080	Unicorn-56078.exe
1080	Unicorn-56078.exe
2448	Unicorn-48050.exe
2448	Unicorn-48050.exe
1476	Unicorn-20420.exe
1476	Unicorn-20420.exe
2848	Unicorn-47915.exe
2848	Unicorn-47915.exe
1052	Unicorn-6130.exe
1052	Unicorn-6130.exe
2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe
2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe
2956	Unicorn-27651.exe
2956	Unicorn-27651.exe
2712	Unicorn-5751.exe
2712	Unicorn-5751.exe
1268	Unicorn-47355.exe
1268	Unicorn-47355.exe
2544	Unicorn-51802.exe
2544	Unicorn-51802.exe
2808	Unicorn-6073.exe
2808	Unicorn-6073.exe
2976	Unicorn-55336.exe
2976	Unicorn-55336.exe
2940	Unicorn-14298.exe
2940	Unicorn-14298.exe
2660	Unicorn-65480.exe
2660	Unicorn-65480.exe
1744	Unicorn-30116.exe
1744	Unicorn-30116.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20961.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe
2956	Unicorn-27651.exe
2848	Unicorn-47915.exe
2976	Unicorn-55336.exe
2752	Unicorn-58481.exe
2712	Unicorn-5751.exe
2660	Unicorn-65480.exe
2808	Unicorn-6073.exe
2616	Unicorn-59991.exe
1080	Unicorn-56078.exe
2448	Unicorn-48050.exe
1052	Unicorn-6130.exe
1268	Unicorn-47355.exe
1476	Unicorn-20420.exe
2544	Unicorn-51802.exe
2940	Unicorn-14298.exe
1744	Unicorn-30116.exe
2312	Unicorn-22310.exe
2424	Unicorn-4480.exe
2356	Unicorn-28793.exe
2232	Unicorn-12456.exe
1668	Unicorn-44175.exe
524	Unicorn-40853.exe
2536	Unicorn-34722.exe
684	Unicorn-16083.exe
956	Unicorn-17501.exe
2216	Unicorn-60571.exe
1860	Unicorn-24879.exe
1528	Unicorn-52913.exe
628	Unicorn-18055.exe
600	Unicorn-37921.exe
2960	Unicorn-26031.exe
3020	Unicorn-62918.exe
2348	Unicorn-51818.exe
2248	Unicorn-31952.exe
1684	Unicorn-13015.exe
1192	Unicorn-56478.exe
2776	Unicorn-9176.exe
2916	Unicorn-29727.exe
2836	Unicorn-50510.exe
2896	Unicorn-8922.exe
2648	Unicorn-14085.exe
2820	Unicorn-43131.exe
2292	Unicorn-6545.exe
1996	Unicorn-59275.exe
2192	Unicorn-43109.exe
1680	Unicorn-5606.exe
2156	Unicorn-3421.exe
1148	Unicorn-56514.exe
2336	Unicorn-10842.exe
2276	Unicorn-19203.exe
964	Unicorn-56322.exe
1940	Unicorn-32140.exe
2404	Unicorn-62036.exe
1100	Unicorn-19696.exe
968	Unicorn-54598.exe
2284	Unicorn-20812.exe
2996	Unicorn-36570.exe
1020	Unicorn-64650.exe
772	Unicorn-26602.exe
1620	Unicorn-37537.exe
656	Unicorn-46468.exe
1676	Unicorn-37916.exe
1460	Unicorn-25280.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 2956	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	29
PID 2592 wrote to memory of 2956	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	29
PID 2592 wrote to memory of 2956	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	29
PID 2592 wrote to memory of 2956	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	29
PID 2592 wrote to memory of 2848	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	30
PID 2592 wrote to memory of 2848	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	30
PID 2592 wrote to memory of 2848	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	30
PID 2592 wrote to memory of 2848	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	30
PID 2956 wrote to memory of 2976	2956	Unicorn-27651.exe	31
PID 2956 wrote to memory of 2976	2956	Unicorn-27651.exe	31
PID 2956 wrote to memory of 2976	2956	Unicorn-27651.exe	31
PID 2956 wrote to memory of 2976	2956	Unicorn-27651.exe	31
PID 2848 wrote to memory of 2752	2848	Unicorn-47915.exe	32
PID 2848 wrote to memory of 2752	2848	Unicorn-47915.exe	32
PID 2848 wrote to memory of 2752	2848	Unicorn-47915.exe	32
PID 2848 wrote to memory of 2752	2848	Unicorn-47915.exe	32
PID 2976 wrote to memory of 2808	2976	Unicorn-55336.exe	34
PID 2976 wrote to memory of 2808	2976	Unicorn-55336.exe	34
PID 2976 wrote to memory of 2808	2976	Unicorn-55336.exe	34
PID 2976 wrote to memory of 2808	2976	Unicorn-55336.exe	34
PID 2592 wrote to memory of 2660	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	33
PID 2592 wrote to memory of 2660	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	33
PID 2592 wrote to memory of 2660	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	33
PID 2592 wrote to memory of 2660	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	33
PID 2956 wrote to memory of 2712	2956	Unicorn-27651.exe	35
PID 2956 wrote to memory of 2712	2956	Unicorn-27651.exe	35
PID 2956 wrote to memory of 2712	2956	Unicorn-27651.exe	35
PID 2956 wrote to memory of 2712	2956	Unicorn-27651.exe	35
PID 2752 wrote to memory of 2616	2752	Unicorn-58481.exe	36
PID 2752 wrote to memory of 2616	2752	Unicorn-58481.exe	36
PID 2752 wrote to memory of 2616	2752	Unicorn-58481.exe	36
PID 2752 wrote to memory of 2616	2752	Unicorn-58481.exe	36
PID 2848 wrote to memory of 1080	2848	Unicorn-47915.exe	37
PID 2848 wrote to memory of 1080	2848	Unicorn-47915.exe	37
PID 2848 wrote to memory of 1080	2848	Unicorn-47915.exe	37
PID 2848 wrote to memory of 1080	2848	Unicorn-47915.exe	37
PID 2808 wrote to memory of 1268	2808	Unicorn-6073.exe	38
PID 2808 wrote to memory of 1268	2808	Unicorn-6073.exe	38
PID 2808 wrote to memory of 1268	2808	Unicorn-6073.exe	38
PID 2808 wrote to memory of 1268	2808	Unicorn-6073.exe	38
PID 2660 wrote to memory of 2940	2660	Unicorn-65480.exe	39
PID 2660 wrote to memory of 2940	2660	Unicorn-65480.exe	39
PID 2660 wrote to memory of 2940	2660	Unicorn-65480.exe	39
PID 2660 wrote to memory of 2940	2660	Unicorn-65480.exe	39
PID 2712 wrote to memory of 1052	2712	Unicorn-5751.exe	40
PID 2712 wrote to memory of 1052	2712	Unicorn-5751.exe	40
PID 2712 wrote to memory of 1052	2712	Unicorn-5751.exe	40
PID 2712 wrote to memory of 1052	2712	Unicorn-5751.exe	40
PID 2976 wrote to memory of 2544	2976	Unicorn-55336.exe	42
PID 2976 wrote to memory of 2544	2976	Unicorn-55336.exe	42
PID 2976 wrote to memory of 2544	2976	Unicorn-55336.exe	42
PID 2976 wrote to memory of 2544	2976	Unicorn-55336.exe	42
PID 2956 wrote to memory of 1476	2956	Unicorn-27651.exe	41
PID 2956 wrote to memory of 1476	2956	Unicorn-27651.exe	41
PID 2956 wrote to memory of 1476	2956	Unicorn-27651.exe	41
PID 2956 wrote to memory of 1476	2956	Unicorn-27651.exe	41
PID 2592 wrote to memory of 2448	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	43
PID 2592 wrote to memory of 2448	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	43
PID 2592 wrote to memory of 2448	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	43
PID 2592 wrote to memory of 2448	2592	4d6314951ff0dd3813f3c4af3d391fd0N.exe	43
PID 2616 wrote to memory of 1744	2616	Unicorn-59991.exe	44
PID 2616 wrote to memory of 1744	2616	Unicorn-59991.exe	44
PID 2616 wrote to memory of 1744	2616	Unicorn-59991.exe	44
PID 2616 wrote to memory of 1744	2616	Unicorn-59991.exe	44

C:\Users\Admin\AppData\Local\Temp\4d6314951ff0dd3813f3c4af3d391fd0N.exe
"C:\Users\Admin\AppData\Local\Temp\4d6314951ff0dd3813f3c4af3d391fd0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6073.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47355.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59275.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        8⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22520.exe
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52304.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9138.exe
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22705.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26204.exe
        7⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        7⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4318.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        6⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
        6⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
        6⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18055.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26944.exe
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36460.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        7⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        6⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
        6⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        6⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64650.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        6⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        5⤵
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
        5⤵
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58302.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
        5⤵
        
        PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23412.exe
        7⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
        7⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18052.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16379.exe
        7⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
        6⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        6⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23794.exe
        6⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12096.exe
        6⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3421.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        6⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61489.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe
        6⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        5⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        5⤵
        
        PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        5⤵
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57807.exe
        5⤵
        
        PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60571.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8922.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        7⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19389.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
        6⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
        6⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48725.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47458.exe
        5⤵
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57036.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        5⤵
        
        PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
        6⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24105.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe
        5⤵
        
        PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42691.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43694.exe
        5⤵
        
        PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        5⤵
        
        PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
      4⤵
      PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
      4⤵
      PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
      4⤵
      PID:1488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27353.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        7⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        6⤵
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
        6⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58635.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42350.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15095.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
        5⤵
        
        PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47868.exe
        5⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe
        5⤵
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24879.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50334.exe
        5⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        6⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        6⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        5⤵
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        5⤵
        
        PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
      4⤵
      PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8738.exe
      4⤵
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34605.exe
      4⤵
      PID:4716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47032.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
        6⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36659.exe
        5⤵
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        5⤵
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53788.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-764.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        5⤵
        
        PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
        5⤵
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
        5⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        5⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32715.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
      4⤵
      PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
      4⤵
      PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
      4⤵
      PID:4308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        5⤵
        
        PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
      4⤵
      PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
      4⤵
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
      4⤵
      PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe
      4⤵
      PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29554.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14338.exe
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34339.exe
      4⤵
      PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
    3⤵
    PID:2068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26867.exe
    3⤵
    PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
    3⤵
    PID:4656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59991.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36659.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        7⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27659.exe
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
        7⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53000.exe
        6⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
        7⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        6⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53099.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
        6⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        6⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        6⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        6⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
        6⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe
        5⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
        6⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
        6⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13544.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        6⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        5⤵
        
        PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15846.exe
        5⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        5⤵
        
        PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51818.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57625.exe
        6⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        7⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        7⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
        7⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54832.exe
        7⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
        6⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41076.exe
        6⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47458.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25273.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6198.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
        5⤵
        
        PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18052.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        5⤵
        
        PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47158.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
      4⤵
      PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
      4⤵
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
      4⤵
      PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64875.exe
      4⤵
      PID:4404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56078.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
        6⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-789.exe
        7⤵
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32657.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8963.exe
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18458.exe
        6⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
        5⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        5⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe
        5⤵
        
        PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6987.exe
        5⤵
        
        PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21418.exe
        5⤵
        
        PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
      4⤵
      PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
      4⤵
      PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
      4⤵
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
      4⤵
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
      4⤵
      PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
      4⤵
      PID:5000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34722.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
      4⤵
      PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
      4⤵
      PID:4680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
    3⤵
    PID:472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12256.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
    3⤵
    PID:3992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60915.exe
    3⤵
    PID:4608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65480.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65480.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17501.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe
        6⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
        6⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
        6⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
        6⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        6⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        5⤵
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
        5⤵
        
        PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        5⤵
        
        PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50510.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        5⤵
        
        PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        5⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
      4⤵
      PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
      4⤵
      PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
      4⤵
      PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32140.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        5⤵
        
        PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
      4⤵
      PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
      4⤵
      PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63793.exe
      4⤵
      PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
      4⤵
      PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
      4⤵
      PID:3480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe
      4⤵
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40812.exe
        5⤵
        
        PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20072.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
        5⤵
        
        PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
      4⤵
      PID:4124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62949.exe
    3⤵
    PID:688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe
    3⤵
    PID:1584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe
    3⤵
    PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38819.exe
    3⤵
    PID:3900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36276.exe
    3⤵
    PID:4260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48050.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48050.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        6⤵
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        5⤵
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        5⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17965.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
        5⤵
        
        PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
      4⤵
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16965.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        5⤵
        
        PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47017.exe
      4⤵
      PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
      4⤵
      PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53881.exe
      4⤵
      PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
      4⤵
      PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39542.exe
      4⤵
      PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15107.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
      4⤵
      PID:4228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17281.exe
    3⤵
    PID:360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36741.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36423.exe
    3⤵
    PID:3424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
    3⤵
    PID:4724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
    3⤵
    PID:1748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe
    3⤵
    PID:3536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
    3⤵
    PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
    3⤵
    PID:3608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
    3⤵
    PID:3744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17373.exe
    3⤵
    PID:4852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44747.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44747.exe
  2⤵
  PID:1532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
  2⤵
  PID:2212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
  2⤵
  PID:3104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48280.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48280.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
  2⤵
  PID:5008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe

Filesize
468KB

MD5
e7f70b4a9706a67c518766f5a92d9779

SHA1
7325791cd483f2f88413de9a4adb467c8717c7bf

SHA256
8d023e41eb90d06edaa055fab83a9530dabfd953790752692dc0a9ea1aafec4f

SHA512
11aa78ae96cb7ef8e53518766d12ff8be3386e373f5b9a10d0a679494c44f2b62ec88383f1289b7be1e5daba4a11dc47786ba98596f9a62e916e2d145f2b7260

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe

Filesize
468KB

MD5
8c9136d0a3b16348369538318f73b310

SHA1
b58039f93931f30f96ca09163c20fea229a1c5f6

SHA256
b757078222ebaa1b7ec8694a28f48f87c90899d0ec9693c2b3a082bafeda0a7d

SHA512
e8b298b9a79a5f1c481038c66de92c4b354d6d1e984ee0b063120a1a337af7d9e615b84a6a7108b4ce4a3cf290aa418c6a941752c85d28b648ee741e6f294f42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe

Filesize
468KB

MD5
901ae4d260f85eb82f3c3a347d1c9aad

SHA1
4be528ef805bfac68377be7c25bd7b2ff3236191

SHA256
7a52c6cd9af143f608155ea3569b8ef26715c28f50483ec096e85adc4e851e5c

SHA512
bbef848eadedc8a6cda7b46e9936cde9d6034d8d2daeed8fecf83a2bbb264fad0ab6a013d369b56aff5765ddd62067c9b332b74bff81655c036ca29f765f2c54

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe

Filesize
468KB

MD5
c792acbba8e70b564d395666b1651bc9

SHA1
dff4e10db7430be700676a7341c486c4929646e0

SHA256
38828023b4448cdb67738a95ad7f7e9f3d3ccc137108377d1639341fabe6d048

SHA512
5c03391fe45f4f96fa8bd6c0678bf656261d6f046a690ec44d4d4a1fa644b46a48c3041ec2056bab82889785ce9e8e9cf18a59430660b97a9e57d49783933ae1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe

Filesize
468KB

MD5
9f0cf0dc4eaa3a95f91010873c5739c7

SHA1
28f88f415252058a03f1cf82e918d3412c821555

SHA256
2d248bef86a6eea53d213ae34c76cc343f6adc83c1fc35d105aac973badc17f8

SHA512
204fd6aac508160710e37b263a4b97c3abb1a169992553ed421427122bedfd147197541951836510a393d23efd62884e12c6fd67b122b1dd3568ad90d86e6445

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe

Filesize
468KB

MD5
71c8a28f04e6f19018f671d3f3d28d6c

SHA1
c33757ac636a947228e0f49e69fcf7e325169cad

SHA256
5aa98a261658b8b55d8a50705c2bb875fed65dfc564eaf31a56678571c9191ca

SHA512
22abb7d4f4ce8c1569355b570aae97c46adf77a043ba0723ad5949647afa2bf0c3e07866b4584b38cbbd3a6b4f26c9e71ad75cf9e382a0439002ae9e1baf48b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe

Filesize
468KB

MD5
255640d8a9835a78dbde0b7208889491

SHA1
12ac0d4221e20be5e7859483ef30318d8b002c4e

SHA256
2548a0b7e37582e96174aea29374c558ccbc8cab3957f200fa30470be82a1a14

SHA512
8c423d8da64eb266a7402c17940524913970d09487687365a24eaf9730dbfc28489db9ee40dddf8db75144e1a6d5107e55a6e06b143f4c42fc9822c131c3c839

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe

Filesize
468KB

MD5
7ef8604a1292065198436cc4b7000366

SHA1
d6ff20891be031c0fd4ae2b70ec4b3e831b76966

SHA256
3ea5f29aabd4ae3704e9373ec56f479810fe0292f27a7af4e9958649cbd2d704

SHA512
34c9ff0ab0e577af672003490086a6fafc7509855f13a5c977b2bc9cf1ca8fde1ba92d6df541b8c66d1c83c5002c04c985856d129a284d337b69c2baf5fdb1b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47355.exe

Filesize
468KB

MD5
52c7c98646cfca1133765035f1d77bdd

SHA1
49a16f1699a46186308eb49d788427b1aff6e481

SHA256
7627f017a3aba41155e4f1fa76ba6698236b7747e13bfc499742486aacb7f329

SHA512
ec92ad8192e33be87a08790efb657cf1ce3da66fa833f2ee6f12ee82d05a6e035009257428de768294efd8c4fa196777ce33f609067240a8711c1f6df5b4aaa8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe

Filesize
468KB

MD5
790080f6f3076ac34d97da1a6b81f352

SHA1
9a29acdefd8b9826ed93bad070e1ae73413d0bb1

SHA256
89bf41e6e950a8ba7554bcc10acd1a49b86e62617f1cc8e8a87a0865351373ea

SHA512
a39b40a1f20ffedd8fa75909c68ad29f49ba1fabc442c89ff7decc054dc4a5c7f3e6d704d2b2ab02b15f533f91d984a3ce88d07f58f4a60070a4d3fab6b38f03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48050.exe

Filesize
468KB

MD5
107d8139fc398372b1add07bac5b515f

SHA1
bc125f5e662d6221e9ca3ea10a396f29e4c90aee

SHA256
1941955e1a375fbe8501922a5b655cc6199e370b7a62065c904a25cd579e0b56

SHA512
76c2b510e8b9cfe3eb5d109963414502bc44577091b42c60ee00bd11835d748ee9a0ebdc606ae9d19bbb602a9466ca4b66d41ac50f04b86326270d535a8eed09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe

Filesize
468KB

MD5
fa846b9177761c0962661706a7ceff83

SHA1
ef93b7ccb243ba411b973030102b74dade960ba8

SHA256
a85180082c48923c07277b36e7e0731218e8d21708ed4f5ba7da685e83037ce4

SHA512
457fe7a6c488da4cccc0140e7fb159b2b99484bd87250913cdfe5ba31f3c66540d879867f18f6a9aaae4fc2693b524c4e9cdbc8acc08ed194edc85d9485e2512

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe

Filesize
468KB

MD5
94a7f38867d8b26bc2f1fbff8fcb5b10

SHA1
c23f9fff17f0d1c2d1cb6b34b93668de74ef7d66

SHA256
18b715ee675ae24c06feea6dda065194627a4d32602a779c10106d3a57301f9e

SHA512
1b8fe9fbce857df8b82249f19d0290bf188e53d9f881c1f9e055a34a02e9fb9ef9ee8cce2f26a3a2246138a4db3b2f7e8cb8449c8e2d82bdaafd26a19c546c2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56078.exe

Filesize
468KB

MD5
5df23ddab38f246d5025ba78cd754b9f

SHA1
6d67d370e2864a160f2bc7cbd94977281798a93c

SHA256
556e1ba630e0bf8a7368ff88b7751f61a50d6be5be8f9df344a20b3048ad5789

SHA512
286e55793d147beb1395a5be6bc85c6a93d292fa54567157d9d1d567bb60a15af5e2aacbc2cd0257186ae71ea2efed813ff37feff87e31c0da58ae0aeed405c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe

Filesize
468KB

MD5
8be125691f800f43ea94fe938420ca4a

SHA1
3d082de992b9cb253d31c0fa5fcaefbb0e44cfb2

SHA256
4489762f1ce29c55b4edcf34617f139c26cb97741843115d26370c74a40581c9

SHA512
462bd251dd49945bbff2fccd07691f03568614640ee3058ef07db1f16fa15a6df4c494739644526969fa08a1593731815d62cf39513558ac3934738eb581fa9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59991.exe

Filesize
468KB

MD5
bf3428ff00a71c59f0aad02de13f1391

SHA1
ce2b9763bdb7e1d28df9baaef504581d8ff470c7

SHA256
5dd7673a4d818f5202245f2f08eff186d9f350cfb1088fad081ae4e49b6de4b2

SHA512
aaf5955c84a21c266dfd271754cdc01f26e88f8fa98aded53549261b7b673d69c80756cf2d5560735db2c59b349e866adaf7806dc2e0d9f027b9791d9c0166c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6073.exe

Filesize
468KB

MD5
351809c1f743fe57ba7361b193b14cd7

SHA1
adbf4e026377373fa03e81248ea7b0fd83c78c7e

SHA256
5b55716980600ac895480e6e02921cb3a09c6ec5133aa459df734e4bd1d8800f

SHA512
57affd6dbab343e61f152b4200a3efd51aec7be4f6e0ab6d42351a7544fbf02c35b00d863ff5f9b4537644d9d5dffb8f17821080b4efc7308bdf349c7dd79439

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe

Filesize
468KB

MD5
2880814563241b57062539720f6c4456

SHA1
3263c9f761265e1a6e4bec512c264b6123db5bd4

SHA256
8d79ebfc239e36459baa30dfdef7ba953b760e329786c1a0a6a162b857b9cde4

SHA512
b59f3600f2bab501cb0c5d03bf4fef4959bc7e8dc2e76ba2fd45a92e93030f1dd6f106ab25987167cb3ee82e34017711d183cf6134d035a4e65d47f541a52569

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65480.exe

Filesize
468KB

MD5
2518fc1ca1ac60cf32cdcb9a750ea846

SHA1
2d80267e163be740325881752271d071afc9cdc9

SHA256
ba21aab1ad0260e812d25226450152cbfe3c9e3e3fbcc8d5298a1e9b9fbc3484

SHA512
71468c850a24ca43c40d50737c824a68e72a03120d185b62ed3479e768cd58f8dc14c0912893132ac2a62498a786f6cc3ab98e7856f7d81bf472462b3642c3a8

Download Submit