655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3

Analysis

max time kernel
118s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe
Size

468KB
MD5

ffcb46fa7303dc5ca12980e44cd387d0
SHA1

d93b394b97270f7ba0af2804d848c1be3aa12718
SHA256

655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3
SHA512

1a7339b46fa3eecc86c8a614a44cf052ee28efa180d11aabd5ee11b8f61c68e77dd3f0803fbcce21f7816f696d72e868e993488373cbbd1685255d0eb30b90d4
SSDEEP

3072:tbAuorldI03YtbYNPzcIffT/VCpZtumpnsHCdVhF2aPaMS/7twlv:tbZoQOYtCP4Iff4hVr2aiH/7t

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2096	Unicorn-872.exe
272	Unicorn-39465.exe
2080	Unicorn-34827.exe
2812	Unicorn-1739.exe
1824	Unicorn-61530.exe
2800	Unicorn-59684.exe
764	Unicorn-15314.exe
952	Unicorn-45865.exe
3044	Unicorn-49264.exe
2552	Unicorn-24687.exe
2104	Unicorn-49264.exe
944	Unicorn-33591.exe
2140	Unicorn-63.exe
1864	Unicorn-38225.exe
2624	Unicorn-47327.exe
1520	Unicorn-11324.exe
1912	Unicorn-3156.exe
2144	Unicorn-18154.exe
2412	Unicorn-58148.exe
2180	Unicorn-4884.exe
3012	Unicorn-26273.exe
2472	Unicorn-56908.exe
3036	Unicorn-3218.exe
1852	Unicorn-31252.exe
2112	Unicorn-23084.exe
776	Unicorn-3794.exe
2032	Unicorn-42034.exe
872	Unicorn-64308.exe
1784	Unicorn-34362.exe
928	Unicorn-13195.exe
1992	Unicorn-29843.exe
1388	Unicorn-40798.exe
2456	Unicorn-39764.exe
2540	Unicorn-34934.exe
2296	Unicorn-1109.exe
2256	Unicorn-42607.exe
2672	Unicorn-54159.exe
2828	Unicorn-1576.exe
2688	Unicorn-64160.exe
2976	Unicorn-18297.exe
2696	Unicorn-54014.exe
2716	Unicorn-60144.exe
2616	Unicorn-60144.exe
2632	Unicorn-47871.exe
2752	Unicorn-58806.exe
2628	Unicorn-26704.exe
1640	Unicorn-31726.exe
1700	Unicorn-2391.exe
2416	Unicorn-12671.exe
1920	Unicorn-4046.exe
2668	Unicorn-3242.exe
2008	Unicorn-45728.exe
2892	Unicorn-64185.exe
1716	Unicorn-50450.exe
684	Unicorn-4513.exe
1660	Unicorn-1279.exe
612	Unicorn-4778.exe
304	Unicorn-56226.exe
1392	Unicorn-23938.exe
1120	Unicorn-1353.exe
3024	Unicorn-1664.exe
2020	Unicorn-45188.exe
1560	Unicorn-51924.exe
2312	Unicorn-18012.exe

Loads dropped DLL 64 IoCs

pid	Process
904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe
904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe
904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe
2096	Unicorn-872.exe
904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe
2096	Unicorn-872.exe
2080	Unicorn-34827.exe
2080	Unicorn-34827.exe
904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe
272	Unicorn-39465.exe
904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe
272	Unicorn-39465.exe
2096	Unicorn-872.exe
2096	Unicorn-872.exe
1824	Unicorn-61530.exe
1824	Unicorn-61530.exe
904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe
904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe
2800	Unicorn-59684.exe
764	Unicorn-15314.exe
2800	Unicorn-59684.exe
764	Unicorn-15314.exe
2812	Unicorn-1739.exe
2812	Unicorn-1739.exe
272	Unicorn-39465.exe
272	Unicorn-39465.exe
2096	Unicorn-872.exe
2096	Unicorn-872.exe
2080	Unicorn-34827.exe
2080	Unicorn-34827.exe
2104	Unicorn-49264.exe
2104	Unicorn-49264.exe
2552	Unicorn-24687.exe
2552	Unicorn-24687.exe
904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe
904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe
764	Unicorn-15314.exe
764	Unicorn-15314.exe
944	Unicorn-33591.exe
944	Unicorn-33591.exe
272	Unicorn-39465.exe
272	Unicorn-39465.exe
2140	Unicorn-63.exe
2140	Unicorn-63.exe
2812	Unicorn-1739.exe
1864	Unicorn-38225.exe
2812	Unicorn-1739.exe
952	Unicorn-45865.exe
1864	Unicorn-38225.exe
952	Unicorn-45865.exe
1824	Unicorn-61530.exe
1824	Unicorn-61530.exe
2080	Unicorn-34827.exe
2080	Unicorn-34827.exe
3044	Unicorn-49264.exe
3044	Unicorn-49264.exe
2800	Unicorn-59684.exe
2800	Unicorn-59684.exe
2624	Unicorn-47327.exe
2624	Unicorn-47327.exe
2096	Unicorn-872.exe
2096	Unicorn-872.exe
1912	Unicorn-3156.exe
1912	Unicorn-3156.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56650.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe
2096	Unicorn-872.exe
2080	Unicorn-34827.exe
272	Unicorn-39465.exe
2812	Unicorn-1739.exe
1824	Unicorn-61530.exe
2800	Unicorn-59684.exe
764	Unicorn-15314.exe
952	Unicorn-45865.exe
2552	Unicorn-24687.exe
2104	Unicorn-49264.exe
3044	Unicorn-49264.exe
2624	Unicorn-47327.exe
944	Unicorn-33591.exe
1864	Unicorn-38225.exe
2140	Unicorn-63.exe
1520	Unicorn-11324.exe
1912	Unicorn-3156.exe
2144	Unicorn-18154.exe
2412	Unicorn-58148.exe
2180	Unicorn-4884.exe
3012	Unicorn-26273.exe
3036	Unicorn-3218.exe
2472	Unicorn-56908.exe
2112	Unicorn-23084.exe
1852	Unicorn-31252.exe
776	Unicorn-3794.exe
1784	Unicorn-34362.exe
2032	Unicorn-42034.exe
872	Unicorn-64308.exe
1992	Unicorn-29843.exe
928	Unicorn-13195.exe
1388	Unicorn-40798.exe
2456	Unicorn-39764.exe
2296	Unicorn-1109.exe
2540	Unicorn-34934.exe
2256	Unicorn-42607.exe
2672	Unicorn-54159.exe
2828	Unicorn-1576.exe
2688	Unicorn-64160.exe
2976	Unicorn-18297.exe
2696	Unicorn-54014.exe
2616	Unicorn-60144.exe
2716	Unicorn-60144.exe
2632	Unicorn-47871.exe
2752	Unicorn-58806.exe
2628	Unicorn-26704.exe
2668	Unicorn-3242.exe
1640	Unicorn-31726.exe
1920	Unicorn-4046.exe
1700	Unicorn-2391.exe
2416	Unicorn-12671.exe
2008	Unicorn-45728.exe
684	Unicorn-4513.exe
1716	Unicorn-50450.exe
2892	Unicorn-64185.exe
1660	Unicorn-1279.exe
612	Unicorn-4778.exe
304	Unicorn-56226.exe
1392	Unicorn-23938.exe
1120	Unicorn-1353.exe
3024	Unicorn-1664.exe
2020	Unicorn-45188.exe
1560	Unicorn-51924.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 2096	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	29
PID 904 wrote to memory of 2096	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	29
PID 904 wrote to memory of 2096	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	29
PID 904 wrote to memory of 2096	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	29
PID 904 wrote to memory of 272	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	31
PID 904 wrote to memory of 272	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	31
PID 904 wrote to memory of 272	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	31
PID 904 wrote to memory of 272	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	31
PID 2096 wrote to memory of 2080	2096	Unicorn-872.exe	30
PID 2096 wrote to memory of 2080	2096	Unicorn-872.exe	30
PID 2096 wrote to memory of 2080	2096	Unicorn-872.exe	30
PID 2096 wrote to memory of 2080	2096	Unicorn-872.exe	30
PID 2080 wrote to memory of 2812	2080	Unicorn-34827.exe	32
PID 2080 wrote to memory of 2812	2080	Unicorn-34827.exe	32
PID 2080 wrote to memory of 2812	2080	Unicorn-34827.exe	32
PID 2080 wrote to memory of 2812	2080	Unicorn-34827.exe	32
PID 904 wrote to memory of 1824	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	33
PID 904 wrote to memory of 1824	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	33
PID 904 wrote to memory of 1824	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	33
PID 904 wrote to memory of 1824	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	33
PID 272 wrote to memory of 2800	272	Unicorn-39465.exe	34
PID 272 wrote to memory of 2800	272	Unicorn-39465.exe	34
PID 272 wrote to memory of 2800	272	Unicorn-39465.exe	34
PID 272 wrote to memory of 2800	272	Unicorn-39465.exe	34
PID 2096 wrote to memory of 764	2096	Unicorn-872.exe	35
PID 2096 wrote to memory of 764	2096	Unicorn-872.exe	35
PID 2096 wrote to memory of 764	2096	Unicorn-872.exe	35
PID 2096 wrote to memory of 764	2096	Unicorn-872.exe	35
PID 1824 wrote to memory of 952	1824	Unicorn-61530.exe	36
PID 1824 wrote to memory of 952	1824	Unicorn-61530.exe	36
PID 1824 wrote to memory of 952	1824	Unicorn-61530.exe	36
PID 1824 wrote to memory of 952	1824	Unicorn-61530.exe	36
PID 904 wrote to memory of 2552	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	37
PID 904 wrote to memory of 2552	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	37
PID 904 wrote to memory of 2552	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	37
PID 904 wrote to memory of 2552	904	655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe	37
PID 2800 wrote to memory of 3044	2800	Unicorn-59684.exe	38
PID 2800 wrote to memory of 3044	2800	Unicorn-59684.exe	38
PID 2800 wrote to memory of 3044	2800	Unicorn-59684.exe	38
PID 2800 wrote to memory of 3044	2800	Unicorn-59684.exe	38
PID 764 wrote to memory of 2104	764	Unicorn-15314.exe	39
PID 764 wrote to memory of 2104	764	Unicorn-15314.exe	39
PID 764 wrote to memory of 2104	764	Unicorn-15314.exe	39
PID 764 wrote to memory of 2104	764	Unicorn-15314.exe	39
PID 2812 wrote to memory of 2140	2812	Unicorn-1739.exe	40
PID 2812 wrote to memory of 2140	2812	Unicorn-1739.exe	40
PID 2812 wrote to memory of 2140	2812	Unicorn-1739.exe	40
PID 2812 wrote to memory of 2140	2812	Unicorn-1739.exe	40
PID 272 wrote to memory of 944	272	Unicorn-39465.exe	41
PID 272 wrote to memory of 944	272	Unicorn-39465.exe	41
PID 272 wrote to memory of 944	272	Unicorn-39465.exe	41
PID 272 wrote to memory of 944	272	Unicorn-39465.exe	41
PID 2096 wrote to memory of 2624	2096	Unicorn-872.exe	42
PID 2096 wrote to memory of 2624	2096	Unicorn-872.exe	42
PID 2096 wrote to memory of 2624	2096	Unicorn-872.exe	42
PID 2096 wrote to memory of 2624	2096	Unicorn-872.exe	42
PID 2080 wrote to memory of 1864	2080	Unicorn-34827.exe	43
PID 2080 wrote to memory of 1864	2080	Unicorn-34827.exe	43
PID 2080 wrote to memory of 1864	2080	Unicorn-34827.exe	43
PID 2080 wrote to memory of 1864	2080	Unicorn-34827.exe	43
PID 2104 wrote to memory of 1520	2104	Unicorn-49264.exe	44
PID 2104 wrote to memory of 1520	2104	Unicorn-49264.exe	44
PID 2104 wrote to memory of 1520	2104	Unicorn-49264.exe	44
PID 2104 wrote to memory of 1520	2104	Unicorn-49264.exe	44

C:\Users\Admin\AppData\Local\Temp\655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe
"C:\Users\Admin\AppData\Local\Temp\655febf54f7c74b93f61cb056ec90414b39fa34626c284df0e5bc905e50698e3N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1739.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56908.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51413.exe
        8⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe
        7⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        7⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50450.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
        7⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        6⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
        6⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38794.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3218.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34675.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58662.exe
        7⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        6⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        6⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        6⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1580.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe
        7⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        6⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        6⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
        5⤵
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        5⤵
        
        PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29802.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-315.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        6⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        6⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64160.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
        6⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        6⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        6⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        6⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
        5⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        6⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
        5⤵
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        5⤵
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        5⤵
        
        PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26945.exe
        6⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        5⤵
        
        PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46578.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10753.exe
        5⤵
        
        PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
      4⤵
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
      4⤵
      PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40036.exe
      4⤵
      PID:4908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49264.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        7⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50933.exe
        6⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        6⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        6⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5333.exe
        6⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        6⤵
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        6⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
        6⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        5⤵
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54247.exe
        5⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14425.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
        5⤵
        
        PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        6⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21262.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        6⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        6⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        6⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41145.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61625.exe
        6⤵
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
        6⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
        5⤵
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
        5⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
        5⤵
        
        PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54159.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        6⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        6⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
        6⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
        6⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47207.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        5⤵
        
        PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1664.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15875.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        5⤵
        
        PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
      4⤵
      PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
      4⤵
      PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47327.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32350.exe
        5⤵
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        5⤵
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        5⤵
        
        PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
      4⤵
      PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
      4⤵
      PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
      4⤵
      PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe
        5⤵
        
        PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
        5⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36773.exe
        5⤵
        
        PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
      4⤵
      PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58710.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
      4⤵
      PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
      4⤵
      PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
      4⤵
      PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
      4⤵
      PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
      4⤵
      PID:4768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
    3⤵
    PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
    3⤵
    PID:960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
    3⤵
    PID:4004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
    3⤵
    PID:3304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
    3⤵
    PID:4112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49264.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        6⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        6⤵
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11257.exe
        6⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        5⤵
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
        5⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6952.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49868.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        5⤵
        
        PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34362.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43449.exe
        6⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28604.exe
        6⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        5⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        5⤵
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1293.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        5⤵
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        5⤵
        
        PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
      4⤵
      PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
      4⤵
      PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        5⤵
        
        PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9499.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
      4⤵
      PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
      4⤵
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
      4⤵
      PID:4688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
        5⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
        5⤵
        
        PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11332.exe
      4⤵
      PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14824.exe
      4⤵
      PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
      4⤵
      PID:4672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
      4⤵
      PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29541.exe
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
      4⤵
      PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18166.exe
      4⤵
      PID:4344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
    3⤵
    PID:2612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
    3⤵
    PID:844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
    3⤵
    PID:3796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
    3⤵
    PID:3912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35210.exe
    3⤵
    PID:752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61530.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61530.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26704.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16662.exe
        6⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
        6⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        5⤵
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        5⤵
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31726.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        5⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        5⤵
        
        PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        5⤵
        
        PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
      4⤵
      PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34267.exe
      4⤵
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
      4⤵
      PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
      4⤵
      PID:4476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4778.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44457.exe
        5⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
        5⤵
        
        PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
      4⤵
      PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
      4⤵
      PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
      4⤵
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8776.exe
      4⤵
      PID:4796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1279.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
      4⤵
      PID:4756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
    3⤵
    PID:2192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41130.exe
    3⤵
    PID:3364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
    3⤵
    PID:3788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
    3⤵
    PID:4120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41171.exe
    3⤵
    PID:4960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33918.exe
        5⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19390.exe
        5⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe
        5⤵
        
        PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6449.exe
      4⤵
      PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
      4⤵
      PID:972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
      4⤵
      PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39764.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18012.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37825.exe
        5⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        6⤵
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        6⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        6⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        5⤵
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        5⤵
        
        PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
      4⤵
      PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
      4⤵
      PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
      4⤵
      PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
      4⤵
      PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
    3⤵
    PID:1260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
    3⤵
    PID:2244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
    3⤵
    PID:3980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
    3⤵
    PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
    3⤵
    PID:4728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34934.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
      4⤵
      PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
      4⤵
      PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2107.exe
      4⤵
      PID:628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
      4⤵
      PID:4836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
    3⤵
    PID:2504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
    3⤵
    PID:3080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
    3⤵
    PID:4024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31290.exe
    3⤵
    PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
    3⤵
    PID:4412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42607.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42607.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe
    3⤵
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51797.exe
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
      4⤵
      PID:4176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
    3⤵
    PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
    3⤵
    PID:3464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
    3⤵
    PID:4928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
  2⤵
  PID:2568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22020.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22020.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46153.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46153.exe
  2⤵
  PID:4016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62044.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62044.exe
  2⤵
  PID:1592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
  2⤵
  PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11257.exe

Filesize
468KB

MD5
a63d8710707048dddac40163be3316d4

SHA1
426da2f21b84d6812efe47140ad66a9c0f6fe15f

SHA256
850464ed16a25dad04b33450d514ae3bf34ff089c5f2c7fa98fb4e6ca71f927a

SHA512
e64396434c4bb2821fb6b53e535eef3e4e3293d41e4f65779adc224f248b9331deb9d3279f324be81e7f89236fce5fea651c54c9c06cc03126331b805be37cfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22020.exe

Filesize
468KB

MD5
d2936ac8f369838bda2532bbfe5ee194

SHA1
0c6fa4d68174bda5ae15de22549fed312fe8dd5f

SHA256
51dfcb6a8f398466ac4c21ec069a866efadba0fbe49029015fc4415b3bac452a

SHA512
6cfd6ca52c51d83e2e1f63445b9f626998969e0e49c4e433b3a270b19c896480af4041179b9e95c27be732ff0c5cd2b950be143cf4ccfe694516ff940f276a8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe

Filesize
468KB

MD5
bc8016de3437b67b133bc7f425537ede

SHA1
a066bd94d205c204f786b76a058cb5d809447ae9

SHA256
aaccac44deaedaecf518f94c2e896be6faf628229c7b6114299e69d330353969

SHA512
6dc34de4cb3de39db74578341c05a1e446858f5813f5dd1dcfcc7bbdf308d47824d280b2c3b7cdc47c70b4ce76fae77c29183a18c021cdb4128f425e72785a00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31726.exe

Filesize
468KB

MD5
52ac9482c5185a6b9f63ba28f028c872

SHA1
0efd1e6edab6bbbb156c8fbeb23f36bca86dfe4a

SHA256
19f6946b19046eb2d9a50f511f41e05fbddc778f9db5694b35e3af8c0a0437b3

SHA512
bd9954a4dbdb40cfe6bea4306504cc4e708c494145b7351da43767cb28dd2f7efa87738de821d05b8440e3bd8897234fa43319d500fbe3765f6397a4988b0d38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe

Filesize
468KB

MD5
bc694077981086773c50848fd69473c8

SHA1
5e90f05b9b92194e38db38086716fb30e6f22494

SHA256
e35bfaacd5f18a71bfd206378e2fe70b5ac6429acef8f50f84b3d9c3b9143534

SHA512
f617a443d61e98d4cee063ff831d9071768c693e66c206d7bddd8efba3cb244cdfc6ead30365b70e9a9055d5bfa06ca9160a05dd4a63d6cca56e1a6e4a123acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe

Filesize
468KB

MD5
76129b81f123558e328ffe7fc27c58e2

SHA1
50fd312000cdfb29d9ebcb29410183362717f1cc

SHA256
6d71cca936b4089d4dfb6da81c426e8900cc36b1ae91ab6a35a7f534eb5f9eb3

SHA512
e4af77cc7408df8a8b44e178f301e56a2159f602c2e6e0f11c48a310dc08d7212a11b4959a4a950bf28d70b171a026e3ba4720c1789c1d35697788d4f64d492a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe

Filesize
468KB

MD5
b8ec24c6f093bade6e7158e723bcd766

SHA1
cc20766ae2edddb8ac20ef31739c1e55f81e3d80

SHA256
9d120af2b65ac2877262a382e62d512ccdd75a9a3bfc87697312875331bf100e

SHA512
dd3f9698bffdb7e57e7c0a0dfadca88d69a78647962d1f44560cf5c643db9d8fa06ce1f79f586a1e59b4d817af212b966fbfc230b695edb6701928c46ccc29b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39764.exe

Filesize
468KB

MD5
98d215373623accf9aa46b3d1cf47c85

SHA1
937e62b396f11a7551b2f2d048d420ff281302d3

SHA256
c2c9d439d1d23f3844b7c81e8d5b139a700c20ad7f29559f72981829452c4ad1

SHA512
677cfcec883f9fa7ff94681d699b05c9de7219b688e5bb16093d9adca6dc693eb65a5b08e9ed4e260cf2a635d7caa8e9203e5b0e8848a073e69683a4ceffaa53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe

Filesize
468KB

MD5
7ed35ab75378e8e58f9959b6739d12ac

SHA1
03747762cb497c63b24cecd8fa0ba9e4a7cb861b

SHA256
6a2d772a4e121a7644f8266275dea71da17c66c61b4b2332b57bf02e8ac96be8

SHA512
64a853c38425f8513bb6e8c2fa6630e4b7f0368c1bfbb548a1ea29586fff4da3e4c5873a4b7bfc046f3f6ce6550bfb61b3c380f080446b9738d284e1691423bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe

Filesize
468KB

MD5
90f3ab69d020fc0a55381cf11fdc0d62

SHA1
572c24d2c0b1e62c3be068bf17fac5a3e1efa855

SHA256
831924debc132e98debd7cede8cd771b1f4792889c46f7b3c1569bff3585ba0f

SHA512
dacf06c2dd288aa634c9cb6645d0f922e66df0f6e452fd291fd97e1fec9a4ce2e74c94b19a99c10c82661f67a2bd16c5bcb3eda7511f753d841e7e8671161354

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe

Filesize
468KB

MD5
48e52d3c7945b55bdbfcc69c4ae5e21b

SHA1
14b04f5cd18e47a9ef6a4477eb143b1755593a9b

SHA256
7c02dbda2f64b2005c32ee8fcb9a1a5dfec20fee07145afedb6ca43ece573624

SHA512
08800ff0833da7bf20fb2280a4805815a4c5565273b455219616b2a9b70691cd3af746385caad2209f8a4d9b2b90d2383a11eb757f945f47fb679ae00674c19f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe

Filesize
468KB

MD5
4a99e2613e467ee66a24431b62d60839

SHA1
d7bff5973dcbce4b23a26e1eafef3c4dbf9d9e34

SHA256
4d1e11830fa0b2b6c1a99d1d5ba9673a844983df8a2d550316164aa9469bcadf

SHA512
b66a4299102ca5a25c761673443ef2f060ad215d7408973bda65ab2f72697adfaee828cac4a42367a7e47c30f7f9a1dee4662fcdd3c13775a25da2db6459a256

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1739.exe

Filesize
468KB

MD5
d34705cf4915f14e5ef333f4e633c472

SHA1
fb247e7d01d3cfacc4abb635a4f6cf2fdc619851

SHA256
9fe8bcb6fa61e9a02feae5a05df23a9cf9a13e684916ab1763959d49df6fd761

SHA512
7b22640928770d6ea5ed8d508f73edb6d2269c9d1798f1685469fb4d8efd73e6431f0125a9ef91a583e07f4361a5df4f3796713f989bb5822236674a9eb33fbf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe

Filesize
468KB

MD5
5bef2a28207faa08b6cbc672c106c66e

SHA1
74db26b7d807cb516e98b7065c3a197bea0c7c29

SHA256
10b56ff3d23b7c35f1fb2a9429cf9f426327da3f239d2ca67f79591ac4ae23ef

SHA512
ba96fb23b204975caa3a6c8916bd8d32ec96cfce0f89474dc5452d3db2b7714b11cd93d1d00e6272090c3970dba5b9ce5474eceee2e7e67342b3aa423692bd6c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe

Filesize
468KB

MD5
49f23fe4948b143f3fdb5c63db7a31f0

SHA1
4798a18945f6d1b3fb7ecb92184e439805b5fbcd

SHA256
3bb80158de75b353733b15d322ab81541d7267e12e5d740357d5d7e880565d51

SHA512
53ba593b73be33da9e0c13e29d287d452ab6b8624a84dc74f408f723993b127625882cd8bc5b77c3bc5f06e7322ae10514af3ca457a9bcb32fd6508e875cd85c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe

Filesize
468KB

MD5
34c01e95735c1688eed1042424c1ff62

SHA1
c6526f46a163ad2828c76bdbcda2e0a1d4370a80

SHA256
e591d9da9eba0ed318a2cdae1cec7f2ee031b75bf7ddb032e8072618e3ac9dd2

SHA512
04edb3dde99b2201528ede4e13ae39fc1c684867e81dbc5702d4c1c023d4329038503226a888fc783097ddf1a5b81fa5a68051b0cc2d25a079996fc8d1e04dd2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe

Filesize
468KB

MD5
28fad7ebf94f98ceddf09137b2e1081c

SHA1
6611298f472ab20f87920fe8073ffc7f22a7c7ee

SHA256
e7b31b7b00c95c5599f584695b0194cd0e5db03720941155c73f4ce90a0391a7

SHA512
135a682eca048bde6385cd1b6effefb946fe180a614a7219d90bd8204aba87af7e7f204db5e36a13660513ce40408f896ac68e7e719c8e39c31e74ea3f0ba729

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe

Filesize
468KB

MD5
dca082fadb6bcc1e215ef89a55c2669d

SHA1
7bdaceb2b3158781f7c37ae3339e9fe0370fd7b5

SHA256
2fef4afd6fa104fdb20919d565b5fce339ade4d2df7843bf1e927626c346de9a

SHA512
66c038e3311cae438866382fb8d6d5c94556c2b6653b4832f3d8ac6062f40f07ff9272361028d5caf98d51ae7e5f4a1b2a7370759f0967dd538f6852ad3aef2a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47327.exe

Filesize
468KB

MD5
6c1e06a79cfb9ff1481ef42c7c6eb7e7

SHA1
c90cf23ea6ad9fe4f24e5a0c46675afee54af752

SHA256
0262f3457e4e76a3fe5ec21f51bbef60f3148783303a142a383131ec515de231

SHA512
6ea60e73f3a4d019c9ee3d63c466df3cfc0d48e19eb44f50911b6f84c3819279889dc970f6b281820f6db0a96e959424105ebcb612d06cc7b3f9cd809e42d473

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49264.exe

Filesize
468KB

MD5
f4a943ff8d186c437a50d745c624d14d

SHA1
1c93bf6ce2d914007cc0cb49a0ea7e5903cd5b16

SHA256
d032ac754c5955e9df71b28e23aaa4e7e159ec32165e1222a930747734a4f5b0

SHA512
84243cc728be866488f7ec67f205ff118ff2dd5ecbb99cbf3067f692123df1ee865f2a90ed7e7c9093c88a58d1a6fde15c85debcff9d5124e464c361f112a53c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe

Filesize
468KB

MD5
b35610c612e1e7f5ce92382dedf2c703

SHA1
8614ed28c9d73ceecea4ec56f98fa34c7a578425

SHA256
9e09e6a1137bac829be23c670637d1fec14219c895054abed586378da56a94c2

SHA512
23cdc211025ed9d3dfc52ca7c208dbf5e7118e99793e33a8e2d80258aef780398529f28ac3d14a129f1b52bf595f3d77d81205958c5958d08e5f8d0f4b1fc27e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe

Filesize
468KB

MD5
d7e0c1f3041675dd28aee026e0c10ee0

SHA1
15864caa7c6cd0bf4d406180d9a8cf6ea8e48a9c

SHA256
cb7f016f205a60a57a2504eb1dc1e0909619bfe946392e908214e18a89aa3f6d

SHA512
0a93ef7fb1707e8bc9030497df7e0488d32e43461d2b0b790559635c91409cd4c92e24866b539c5da0c184cdc0158fd77959fd5da14c337cc949609b13e775bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61530.exe

Filesize
468KB

MD5
d75d1aeb2d4cf254ec3a84cfb55ca71d

SHA1
ac51d6473455f44fb3b473d5a3ba9507edcd3c6a

SHA256
952f31a939d908cad23a6b3c05066614dd470bd15288b35da2b380555882b67a

SHA512
239f26ffacd5727f693432fd63a0f14d914cc8170fe202d3f75ac1b112c81568894cd6e21a2d68fce77464240e0ddf82905b1d2079025947d058feb94bf2e4f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63.exe

Filesize
468KB

MD5
c1dfd5bf32b0c37718fa7c468bba71ab

SHA1
c3b6b0c134c0173900c70401a87eca1d92be190f

SHA256
db01d9ec3e3009e16506fc710f3fece9a1983e118bdc37e0c4dfeda918206d64

SHA512
953b6bef88e7a888617cd66d2433e88fbadd49d72e551cdf686a7fe10a1705d9dd7a4328607d4cb5f2d6431ca49a5fa5539a44882e5b23f1541e7fd0647d4a6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-872.exe

Filesize
468KB

MD5
19ca15dc9de8b30cca63570c00b3cc16

SHA1
736a9518fabad3bf13506a7a53f832068e798196

SHA256
673d76ff416c095ef2d0dd10e022af51f8b949f6893e851325268bf893420ee1

SHA512
4fd45e8c6c97e4217482c221b0a26ca4cb0eb09f16e20d1fe5acb5904a16eb171fd6d62322632f099758a5c1f09fdcbb9d0d48ad6c0656d7b67cf6b075ebbfe1

Download Submit