714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe
Size

468KB
MD5

69ccac1ca1ebd45e0cd217976353c970
SHA1

e4e5322cf88fb8ad0300cc2f3bb4548a033c24ac
SHA256

714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28
SHA512

b93e5253bbc3f8165cf0be765eba6155780cc38ca39fbf9b2c0073e8f38f6a67cd19ba34d98ef77a2126ad7919bd1c03d6b57a43400512a3874a8230743f59e7
SSDEEP

3072:KbCgogcnI05UtbY+Pztjcf8/VCMvXlupb6KHeGVsXmda8+ct7OAl2:KbZoy8Ut5PJjcfE+EDmdLbt7O

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
236	Unicorn-55823.exe
2108	Unicorn-32269.exe
3064	Unicorn-59959.exe
2772	Unicorn-39646.exe
2900	Unicorn-3937.exe
2792	Unicorn-17864.exe
1792	Unicorn-56283.exe
3036	Unicorn-17737.exe
2612	Unicorn-907.exe
2884	Unicorn-4389.exe
2276	Unicorn-33916.exe
2356	Unicorn-63796.exe
1868	Unicorn-4389.exe
1428	Unicorn-50061.exe
1700	Unicorn-4124.exe
2928	Unicorn-5209.exe
1860	Unicorn-11623.exe
1812	Unicorn-16689.exe
1120	Unicorn-10062.exe
2360	Unicorn-53118.exe
2188	Unicorn-46604.exe
2220	Unicorn-36206.exe
1316	Unicorn-52350.exe
1540	Unicorn-48245.exe
976	Unicorn-25381.exe
1344	Unicorn-58702.exe
1516	Unicorn-38561.exe
1216	Unicorn-58427.exe
1676	Unicorn-52297.exe
592	Unicorn-41057.exe
2480	Unicorn-63144.exe
2244	Unicorn-10414.exe
1692	Unicorn-7057.exe
2500	Unicorn-50237.exe
1612	Unicorn-24005.exe
1616	Unicorn-43871.exe
1620	Unicorn-43871.exe
536	Unicorn-44748.exe
936	Unicorn-43907.exe
2668	Unicorn-37455.exe
2692	Unicorn-25842.exe
2676	Unicorn-20575.exe
2728	Unicorn-3160.exe
2712	Unicorn-3580.exe
2536	Unicorn-23062.exe
2124	Unicorn-35100.exe
2800	Unicorn-54966.exe
3040	Unicorn-24406.exe
2580	Unicorn-32496.exe
1252	Unicorn-11058.exe
2936	Unicorn-57223.exe
2460	Unicorn-33441.exe
1144	Unicorn-19706.exe
940	Unicorn-39572.exe
1212	Unicorn-6323.exe
1712	Unicorn-53915.exe
1420	Unicorn-55991.exe
1548	Unicorn-37168.exe
2036	Unicorn-23786.exe
2192	Unicorn-33415.exe
1752	Unicorn-61549.exe
2492	Unicorn-44263.exe
960	Unicorn-44528.exe
2608	Unicorn-32524.exe

Loads dropped DLL 64 IoCs

pid	Process
1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe
1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe
236	Unicorn-55823.exe
1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe
236	Unicorn-55823.exe
1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe
3064	Unicorn-59959.exe
3064	Unicorn-59959.exe
2108	Unicorn-32269.exe
1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe
2108	Unicorn-32269.exe
236	Unicorn-55823.exe
236	Unicorn-55823.exe
1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe
2772	Unicorn-39646.exe
2900	Unicorn-3937.exe
2772	Unicorn-39646.exe
2900	Unicorn-3937.exe
1792	Unicorn-56283.exe
2792	Unicorn-17864.exe
236	Unicorn-55823.exe
2792	Unicorn-17864.exe
1792	Unicorn-56283.exe
236	Unicorn-55823.exe
2108	Unicorn-32269.exe
2108	Unicorn-32269.exe
3064	Unicorn-59959.exe
3064	Unicorn-59959.exe
1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe
1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe
3036	Unicorn-17737.exe
3036	Unicorn-17737.exe
2900	Unicorn-3937.exe
2900	Unicorn-3937.exe
1700	Unicorn-4124.exe
1700	Unicorn-4124.exe
1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe
1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe
1428	Unicorn-50061.exe
1428	Unicorn-50061.exe
3064	Unicorn-59959.exe
3064	Unicorn-59959.exe
2884	Unicorn-4389.exe
2884	Unicorn-4389.exe
2356	Unicorn-63796.exe
2356	Unicorn-63796.exe
2792	Unicorn-17864.exe
2792	Unicorn-17864.exe
236	Unicorn-55823.exe
236	Unicorn-55823.exe
2276	Unicorn-33916.exe
2276	Unicorn-33916.exe
1868	Unicorn-4389.exe
2772	Unicorn-39646.exe
2108	Unicorn-32269.exe
1868	Unicorn-4389.exe
2772	Unicorn-39646.exe
2108	Unicorn-32269.exe
1792	Unicorn-56283.exe
1792	Unicorn-56283.exe
2928	Unicorn-5209.exe
2928	Unicorn-5209.exe
3036	Unicorn-17737.exe
3036	Unicorn-17737.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28769.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe
236	Unicorn-55823.exe
3064	Unicorn-59959.exe
2108	Unicorn-32269.exe
2772	Unicorn-39646.exe
2792	Unicorn-17864.exe
1792	Unicorn-56283.exe
2900	Unicorn-3937.exe
3036	Unicorn-17737.exe
1428	Unicorn-50061.exe
1700	Unicorn-4124.exe
2356	Unicorn-63796.exe
2612	Unicorn-907.exe
2276	Unicorn-33916.exe
2884	Unicorn-4389.exe
1868	Unicorn-4389.exe
2928	Unicorn-5209.exe
1860	Unicorn-11623.exe
1120	Unicorn-10062.exe
1812	Unicorn-16689.exe
2360	Unicorn-53118.exe
2188	Unicorn-46604.exe
2220	Unicorn-36206.exe
1316	Unicorn-52350.exe
1540	Unicorn-48245.exe
1344	Unicorn-58702.exe
976	Unicorn-25381.exe
1216	Unicorn-58427.exe
1516	Unicorn-38561.exe
592	Unicorn-41057.exe
2480	Unicorn-63144.exe
2244	Unicorn-10414.exe
1692	Unicorn-7057.exe
2500	Unicorn-50237.exe
536	Unicorn-44748.exe
1616	Unicorn-43871.exe
1612	Unicorn-24005.exe
1620	Unicorn-43871.exe
936	Unicorn-43907.exe
2668	Unicorn-37455.exe
2692	Unicorn-25842.exe
2676	Unicorn-20575.exe
2728	Unicorn-3160.exe
2712	Unicorn-3580.exe
2536	Unicorn-23062.exe
2800	Unicorn-54966.exe
2124	Unicorn-35100.exe
2580	Unicorn-32496.exe
3040	Unicorn-24406.exe
940	Unicorn-39572.exe
1252	Unicorn-11058.exe
2460	Unicorn-33441.exe
2936	Unicorn-57223.exe
1144	Unicorn-19706.exe
1712	Unicorn-53915.exe
1212	Unicorn-6323.exe
1420	Unicorn-55991.exe
2036	Unicorn-23786.exe
2192	Unicorn-33415.exe
1548	Unicorn-37168.exe
1752	Unicorn-61549.exe
960	Unicorn-44528.exe
2492	Unicorn-44263.exe
2608	Unicorn-32524.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 236	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	29
PID 1568 wrote to memory of 236	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	29
PID 1568 wrote to memory of 236	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	29
PID 1568 wrote to memory of 236	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	29
PID 236 wrote to memory of 2108	236	Unicorn-55823.exe	30
PID 236 wrote to memory of 2108	236	Unicorn-55823.exe	30
PID 236 wrote to memory of 2108	236	Unicorn-55823.exe	30
PID 236 wrote to memory of 2108	236	Unicorn-55823.exe	30
PID 1568 wrote to memory of 3064	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	31
PID 1568 wrote to memory of 3064	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	31
PID 1568 wrote to memory of 3064	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	31
PID 1568 wrote to memory of 3064	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	31
PID 3064 wrote to memory of 2772	3064	Unicorn-59959.exe	32
PID 3064 wrote to memory of 2772	3064	Unicorn-59959.exe	32
PID 3064 wrote to memory of 2772	3064	Unicorn-59959.exe	32
PID 3064 wrote to memory of 2772	3064	Unicorn-59959.exe	32
PID 2108 wrote to memory of 1792	2108	Unicorn-32269.exe	33
PID 2108 wrote to memory of 1792	2108	Unicorn-32269.exe	33
PID 2108 wrote to memory of 1792	2108	Unicorn-32269.exe	33
PID 2108 wrote to memory of 1792	2108	Unicorn-32269.exe	33
PID 236 wrote to memory of 2900	236	Unicorn-55823.exe	35
PID 236 wrote to memory of 2900	236	Unicorn-55823.exe	35
PID 236 wrote to memory of 2900	236	Unicorn-55823.exe	35
PID 236 wrote to memory of 2900	236	Unicorn-55823.exe	35
PID 1568 wrote to memory of 2792	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	34
PID 1568 wrote to memory of 2792	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	34
PID 1568 wrote to memory of 2792	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	34
PID 1568 wrote to memory of 2792	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	34
PID 2772 wrote to memory of 2612	2772	Unicorn-39646.exe	36
PID 2772 wrote to memory of 2612	2772	Unicorn-39646.exe	36
PID 2772 wrote to memory of 2612	2772	Unicorn-39646.exe	36
PID 2772 wrote to memory of 2612	2772	Unicorn-39646.exe	36
PID 2900 wrote to memory of 3036	2900	Unicorn-3937.exe	37
PID 2900 wrote to memory of 3036	2900	Unicorn-3937.exe	37
PID 2900 wrote to memory of 3036	2900	Unicorn-3937.exe	37
PID 2900 wrote to memory of 3036	2900	Unicorn-3937.exe	37
PID 2792 wrote to memory of 2884	2792	Unicorn-17864.exe	39
PID 2792 wrote to memory of 2884	2792	Unicorn-17864.exe	39
PID 2792 wrote to memory of 2884	2792	Unicorn-17864.exe	39
PID 2792 wrote to memory of 2884	2792	Unicorn-17864.exe	39
PID 1792 wrote to memory of 1868	1792	Unicorn-56283.exe	38
PID 1792 wrote to memory of 1868	1792	Unicorn-56283.exe	38
PID 1792 wrote to memory of 1868	1792	Unicorn-56283.exe	38
PID 1792 wrote to memory of 1868	1792	Unicorn-56283.exe	38
PID 236 wrote to memory of 2356	236	Unicorn-55823.exe	40
PID 236 wrote to memory of 2356	236	Unicorn-55823.exe	40
PID 236 wrote to memory of 2356	236	Unicorn-55823.exe	40
PID 236 wrote to memory of 2356	236	Unicorn-55823.exe	40
PID 2108 wrote to memory of 2276	2108	Unicorn-32269.exe	41
PID 2108 wrote to memory of 2276	2108	Unicorn-32269.exe	41
PID 2108 wrote to memory of 2276	2108	Unicorn-32269.exe	41
PID 2108 wrote to memory of 2276	2108	Unicorn-32269.exe	41
PID 3064 wrote to memory of 1428	3064	Unicorn-59959.exe	42
PID 3064 wrote to memory of 1428	3064	Unicorn-59959.exe	42
PID 3064 wrote to memory of 1428	3064	Unicorn-59959.exe	42
PID 3064 wrote to memory of 1428	3064	Unicorn-59959.exe	42
PID 1568 wrote to memory of 1700	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	43
PID 1568 wrote to memory of 1700	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	43
PID 1568 wrote to memory of 1700	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	43
PID 1568 wrote to memory of 1700	1568	714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe	43
PID 3036 wrote to memory of 2928	3036	Unicorn-17737.exe	44
PID 3036 wrote to memory of 2928	3036	Unicorn-17737.exe	44
PID 3036 wrote to memory of 2928	3036	Unicorn-17737.exe	44
PID 3036 wrote to memory of 2928	3036	Unicorn-17737.exe	44

C:\Users\Admin\AppData\Local\Temp\714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe
"C:\Users\Admin\AppData\Local\Temp\714ca971b98ec3a39441188c553503b2c006008c2cbf9f9af213f7b6f9fd7a28N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55823.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55823.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        7⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23870.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41001.exe
        7⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53915.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59353.exe
        7⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
        7⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8170.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
        6⤵
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23187.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
        7⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-265.exe
        6⤵
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        6⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23845.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32401.exe
        6⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33415.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
        6⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6951.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19748.exe
        6⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
        5⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        5⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
        5⤵
        
        PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        6⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22720.exe
        6⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
        6⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36456.exe
        5⤵
        
        PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41318.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53544.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        5⤵
        
        PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
      4⤵
      Executes dropped EXE
      PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26230.exe
        5⤵
        
        PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        5⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42691.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32738.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
      4⤵
      PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
      4⤵
      PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16015.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49137.exe
      4⤵
      PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
      4⤵
      PID:4796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        8⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26147.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
        7⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        7⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        7⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
        7⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        6⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        6⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        6⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49137.exe
        6⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        6⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe
        6⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
        6⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18004.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        5⤵
        
        PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        5⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
        5⤵
        
        PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32557.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59628.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61028.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25625.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        6⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21661.exe
        6⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55696.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22452.exe
        6⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        5⤵
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
        5⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53544.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        5⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20278.exe
        5⤵
        
        PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
        6⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        5⤵
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
        5⤵
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
        5⤵
        
        PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44263.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19301.exe
      4⤵
      PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31104.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41669.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
        6⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        6⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
        6⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21803.exe
        5⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4634.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        5⤵
        
        PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
      4⤵
      PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60884.exe
      4⤵
      PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15204.exe
      4⤵
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58067.exe
      4⤵
      PID:4904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54966.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        5⤵
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
      4⤵
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
      4⤵
      PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
      4⤵
      PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe
      4⤵
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
      4⤵
      PID:4288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32496.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
      4⤵
      PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
      4⤵
      PID:4276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9073.exe
    3⤵
    PID:1488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
    3⤵
    PID:1736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15778.exe
    3⤵
    PID:3600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64832.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
    3⤵
    PID:4156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36710.exe
        6⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28414.exe
        6⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe
        5⤵
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        5⤵
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
        5⤵
        
        PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
        5⤵
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23187.exe
        5⤵
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
      4⤵
      PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37760.exe
      4⤵
      PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46649.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
      4⤵
      PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10466.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27066.exe
      4⤵
      PID:4764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50061.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10148.exe
        6⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        6⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
        5⤵
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
        5⤵
        
        PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
        5⤵
        
        PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3580.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9183.exe
        5⤵
        
        PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8170.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
      4⤵
      PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
      4⤵
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46604.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44748.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
        5⤵
        
        PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        5⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        5⤵
        
        PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        5⤵
        
        PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2076.exe
      4⤵
      PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37165.exe
    3⤵
    PID:1296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4360.exe
    3⤵
    PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37309.exe
    3⤵
    PID:3612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
    3⤵
    PID:3672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
    3⤵
    PID:4164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36206.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe
        6⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53402.exe
        6⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64972.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32807.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
        5⤵
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57223.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38482.exe
        5⤵
        
        PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
      4⤵
      PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36253.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48245.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
      4⤵
      PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
      4⤵
      PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
      4⤵
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
      4⤵
      PID:4532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
    3⤵
    PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
    3⤵
    PID:1988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
    3⤵
    PID:4020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55991.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe
        6⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        6⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21661.exe
        5⤵
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        5⤵
        
        PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
        5⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23187.exe
        5⤵
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        5⤵
        
        PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
        5⤵
        
        PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3608.exe
      4⤵
      PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
      4⤵
      PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
      4⤵
      PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
      4⤵
      PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
      4⤵
      PID:4428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
      4⤵
      PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
      4⤵
      PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
      4⤵
      PID:4252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
    3⤵
    PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
    3⤵
    PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61558.exe
    3⤵
    PID:3632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
    3⤵
    PID:4816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
      4⤵
      PID:308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
      4⤵
      PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36112.exe
      4⤵
      PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40635.exe
    3⤵
    PID:1600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20970.exe
    3⤵
    PID:832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
    3⤵
    PID:1536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe
    3⤵
    PID:2116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
    3⤵
    PID:3592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37455.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37455.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62389.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
    3⤵
    PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23605.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
  2⤵
  PID:2240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
  2⤵
  PID:1060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
  2⤵
  PID:3552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe
  2⤵
  PID:3704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
  2⤵
  PID:4188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe

Filesize
468KB

MD5
d5cdd27bc87b16a0e0e0ae452f388a49

SHA1
b8f7e6fdd0237ae250882805eec0857961d94717

SHA256
9b0cf482eb34c2802958be67026e988a27da212ae1043e0aea5ec8521dd8ae65

SHA512
a4f25f30a756c2792c956f8ba06a3c07a8e7b65b5ebaa561c29b99eff1c5112c0c66825eceec2a4c5772fff475c19838431ba1cb1daffd5a98d2a58a237fac8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe

Filesize
468KB

MD5
1efb67fc486d9a5b9f6b7428ac2d73c8

SHA1
71fa2033928f00e1da935bfbc0ff8232bb3822a3

SHA256
fdce9b0dbc0c850a70b883d04fff221af2bbb47ecdef88b1f8c5f7099e2ad641

SHA512
2afb3249431f1b22eff95ca644974ebe26faa334650b1e96ae651d115e3b038eeb67696620d5b78bf30fcbddb2613e302fba886e3b7202df60ea0c41b5924377

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe

Filesize
468KB

MD5
85264d2e8f2862d5b86e013ad68e2e75

SHA1
fbb623ce4e3c305ee7b8959d92bcef7f62e0a4c6

SHA256
071ab4c130c3386b2b186f17feceb6c7015b523f8fcce4bbc78749bc5ebcd287

SHA512
ca172acba0aa73055f57bd8687c718cc387322d0727dcc1db60d18dfd1f4fdc53aeceff73cd244a3dd156750e497c68d8dd615ccde341e471f412f4caf674573

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe

Filesize
468KB

MD5
f88a2b0877d1a9c25d23b167777900aa

SHA1
f062482e6aed16da118f73b507842fa94e51d984

SHA256
37f421532c89e4d79266ec129a5e0e1e13e98e4e6824f91bd2598aeb12f38c81

SHA512
cdd3c02635b371c7e83035a53a6de6356ccfc1880b9ca10955a8b5c9b68590a70f17351e4dded1ce5fc02b7be4a7894dc1b05d9f2a23ae44f2905b9fc73843c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe

Filesize
468KB

MD5
22b99f17c7f9e2f54a4e1c275ae8a5aa

SHA1
3eac87f059732d3b0a998d9cf919ae91f03a56cc

SHA256
1c9207bd31bc34aa9b56e20214fa827e1d4bfc793b586045c9403f2b5f31ce6f

SHA512
b66f162473f83e30648df113a7c66b0b4b1f60c1460349fc29da6ea41e4dde89f548ebf05cf689d47eb0c63d8ff64c8c682ae4eb8c2f5a85eb05adca4cdc30cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe

Filesize
468KB

MD5
e497d579c9951a1c1db972fb227932ed

SHA1
e354b4b0d42a97a78469df55b783bc4c5c74ec40

SHA256
826183dd263dddd423770695d6fdeb3f9778a76a1a6767367e022ae12b917437

SHA512
625ac6fe1fb06e86c5625538e9c7029564e2b6642c82805cae43915de929f7e283576d48599254bc35c1598075cccef0c5a0cd0be6ce8e73efbc2897627496d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe

Filesize
468KB

MD5
4a7fe59aad88c08a16309747fa042e7d

SHA1
3847cf26154cd316312f30f22622c67169a86c1b

SHA256
822b43fc442402a1157b6e0456e6ec827dfffd2fdc28a572fecccd1700182107

SHA512
95375ce71c8b462d3c596802d21fb5596cc38f0a58b76109a901d1006ef77af2bf6698ffb8b5655c9efcc50a545e552ad64700614b12d85f78b4b32bfbfebfb6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe

Filesize
468KB

MD5
7a6cfbd1d5a8604d1dee3779642882a8

SHA1
624c712de941b89000ef7700a6905b7307e140fe

SHA256
43b60056e874a9dce15d8d152a2aa2c494c3f01daf021d8e4de8325921ce2fe3

SHA512
f1dc1e123fccc5e3dfcb7a5ba450ecf49e48e2fe5a5404b70f4d2c4aa28c20a751649e2d3feb044d330a240abb2a0a67b7fa1b525c8948b6cae2bbb99de7f2fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe

Filesize
468KB

MD5
613bde5738361eeedf5c65c2a501279f

SHA1
16f3d5a0d84f320ea7a7897a55725a194301e935

SHA256
f52755ccf4533962852bdce8d49601b416f0e947f5328787ca0f43687428431a

SHA512
2ba6f648c67a3283a32f0fd0dbc2d7aaa51e8571d5b555e3ea8723ebc48299aeb4998a1df2ad2a375436d041ecb7498c97a714ccc39eda1c67943bf20d5fc097

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe

Filesize
468KB

MD5
4de133a9f47c8c26c1088fc9286a7655

SHA1
5bf4606b8056380704bbd5a947a5ee9e1d53f510

SHA256
bd474596026bccc9a410e8384fbbfbf4a9e8b1315021818afa7b32172e98032d

SHA512
83e8eee1a010b8593830fd8158c6df862f57bf36c6c37f57f36ccd2c92ab58866f33e4dccf59f3f1e82af0524334c08eea6aa87403e1ac2c453cabc963fdde0d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe

Filesize
468KB

MD5
1ec24bdf3ba4fd749ecaafc5f77c672b

SHA1
cc529080c21d917610fd7b22cb5be2542eda8ef5

SHA256
d287d8c448d45edcdb9b7ee7b12acfe3e2a62f6a12d1a720cf95e28bc1768c3d

SHA512
d414ef908df882a684411d6a96a0707e65d7754ab8a1c715a19e8cfd7c10fd07073c7e901f1e633d3367e07795b68a1dc552e8377daca4d7f9872e4ec0975785

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe

Filesize
468KB

MD5
8867c6d1c27d6848c72d218963ca4cf5

SHA1
0cb6a1363cc8289095198d495b693f7f8d4416be

SHA256
e06569eb7715ff61f20361cdbf407b47127f2f655e80c958a35a4ff2b18731a1

SHA512
e84d3c716fe8c4db310056d75e35fff86de4e41299478e684278bf6b48bbe6e3890a8323860db70ea47cec04e0b0d44db52c02563b71906dab69e3857212ff38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe

Filesize
468KB

MD5
a2c701f60ae5999c57cd62796eace260

SHA1
abfaeb34c65154288d8b6a4befd960f2271e3cf1

SHA256
ed078347f7ff5e939ae31a85f337d344fc242695dbd3cb0fcfa5e657e6a7bcb0

SHA512
cc4da7d699320422bae06273942d13c23582d59338c8f9d252fd0b75a622b735114ffa2aa69d7290e4a91caaf29d13c225eb3983866f2339585f5a46b30cf67f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50061.exe

Filesize
468KB

MD5
7e524ba8016ffa50dc1f554f79b05a44

SHA1
53d8feeaecf7efa209e82a4c2b18becd10f8869c

SHA256
bdf0ea779b1294c0fc3903bef2eff790e4f491be729502f0c9e163ea0512d1f6

SHA512
3a3e402c2ea8947ed0fe88e1b8b0f3f714606654e4ea8d0c4907d098ed0ec515cde1d1910a0a8f4bf02ab4f8ed95587ddffe137ffb8bff57dce5d2a5961c0c9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe

Filesize
468KB

MD5
3c2bd7d7b0700a042503a4c3674a7a63

SHA1
cfd53feb4ea5014149baf2d8ace352e7dac514b3

SHA256
47b1c13bf231bb7453b72a8d9765cf3e09790bd8bbc2db89ffff952a452d3b6f

SHA512
ed35f299ade8fa1145d05f271426936021363048abc8342709160f9e407e286b71b4fa179a1c99e8e59bf75f839bc9ea2d495df6f8f6730324fa46851a19f674

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55823.exe

Filesize
468KB

MD5
8fbef7521e7104fb22d00d0b141663b2

SHA1
f837fac13168dda06ded4dc317f32b27e50af251

SHA256
196388a0eba3ce8d8442ee257e49be4a8334ade3122ac4a1f83871292fbb9ca0

SHA512
db3f5be044a06d53ac9dd95ba40edf2a7adffabe91ce3f54e3c6ef7e6cbe57b24556c1b2b9d1aa48cfb2b9e4c919acae4e0e051ddec01bf9374948b576071f94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe

Filesize
468KB

MD5
a19eea1e281b3c2ae8b328927f5e0b36

SHA1
46ca6b9c121e8f9d57ffd5c205db4194eb023382

SHA256
4abd0f11b04b856503f01755d249c1419f1fcd12241d52788356b9f38b58a07e

SHA512
e0c752e08786fc3b3f509c753016152bd6ff6149d2a02cc3aa02e44cdccb5939bca65d0428c5091785e5638e89d478c02a76faa6ac7baf7e5dd1ca1e0bf35b66

Download Submit