01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61

Analysis

max time kernel
114s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe
Size

468KB
MD5

25293f6814b0b2ca1b142386d3a969e0
SHA1

047262e1c71b9f599e7fdf71cb3c04d58d63cbb4
SHA256

01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61
SHA512

d365270abbc1ed1214af4ae2fb8a1159e8bc6ef8f9917c8e4504bf97dc2329b764bccf02dd9025ead6b7d1f39a67387413ffa4dbdd2c4316db90de38962f10fa
SSDEEP

3072:4btCoBIdlF5Ut6YTPzNjffp/0jhFompKqmHeXVPUlJHosq3u6qlH:4b4oWTUt7PhjffLm16lJIf3u6

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2520	Unicorn-64819.exe
2500	Unicorn-22246.exe
2400	Unicorn-59749.exe
2696	Unicorn-11620.exe
2796	Unicorn-37220.exe
2808	Unicorn-49124.exe
2612	Unicorn-38355.exe
2576	Unicorn-59664.exe
2636	Unicorn-61510.exe
2436	Unicorn-2103.exe
696	Unicorn-26919.exe
1456	Unicorn-34776.exe
1532	Unicorn-6742.exe
1204	Unicorn-27184.exe
1884	Unicorn-42294.exe
2624	Unicorn-10660.exe
2988	Unicorn-56597.exe
2984	Unicorn-10925.exe
1128	Unicorn-48175.exe
828	Unicorn-12549.exe
1168	Unicorn-40391.exe
852	Unicorn-58077.exe
1304	Unicorn-30613.exe
2584	Unicorn-34143.exe
2132	Unicorn-50479.exe
2224	Unicorn-14853.exe
908	Unicorn-9830.exe
280	Unicorn-9830.exe
688	Unicorn-36866.exe
3008	Unicorn-4001.exe
2212	Unicorn-40291.exe
1096	Unicorn-59197.exe
1892	Unicorn-25394.exe
1632	Unicorn-9249.exe
2512	Unicorn-54921.exe
1716	Unicorn-13504.exe
2352	Unicorn-40369.exe
2676	Unicorn-32083.exe
2804	Unicorn-15939.exe
2720	Unicorn-15673.exe
2960	Unicorn-47081.exe
2716	Unicorn-39675.exe
2856	Unicorn-22955.exe
2580	Unicorn-47265.exe
2248	Unicorn-28169.exe
2652	Unicorn-58315.exe
1964	Unicorn-58315.exe
2880	Unicorn-58315.exe
1972	Unicorn-6846.exe
2492	Unicorn-38750.exe
1936	Unicorn-52486.exe
2644	Unicorn-17392.exe
1068	Unicorn-17392.exe
1984	Unicorn-19813.exe
2892	Unicorn-65367.exe
2884	Unicorn-11527.exe
2276	Unicorn-52560.exe
2116	Unicorn-3935.exe
436	Unicorn-27023.exe
2508	Unicorn-53608.exe
1156	Unicorn-59367.exe
108	Unicorn-38601.exe
2316	Unicorn-57167.exe
1428	Unicorn-39478.exe

Loads dropped DLL 64 IoCs

pid	Process
2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe
2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe
2520	Unicorn-64819.exe
2520	Unicorn-64819.exe
2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe
2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe
2500	Unicorn-22246.exe
2520	Unicorn-64819.exe
2400	Unicorn-59749.exe
2500	Unicorn-22246.exe
2400	Unicorn-59749.exe
2520	Unicorn-64819.exe
2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe
2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe
2696	Unicorn-11620.exe
2696	Unicorn-11620.exe
2520	Unicorn-64819.exe
2612	Unicorn-38355.exe
2612	Unicorn-38355.exe
2520	Unicorn-64819.exe
2400	Unicorn-59749.exe
2400	Unicorn-59749.exe
2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe
2796	Unicorn-37220.exe
2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe
2808	Unicorn-49124.exe
2808	Unicorn-49124.exe
2796	Unicorn-37220.exe
2500	Unicorn-22246.exe
2500	Unicorn-22246.exe
2520	Unicorn-64819.exe
2520	Unicorn-64819.exe
2696	Unicorn-11620.exe
2696	Unicorn-11620.exe
2576	Unicorn-59664.exe
2576	Unicorn-59664.exe
2436	Unicorn-2103.exe
2436	Unicorn-2103.exe
2612	Unicorn-38355.exe
2612	Unicorn-38355.exe
696	Unicorn-26919.exe
696	Unicorn-26919.exe
2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe
2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe
2808	Unicorn-49124.exe
2808	Unicorn-49124.exe
1204	Unicorn-27184.exe
1456	Unicorn-34776.exe
1204	Unicorn-27184.exe
1456	Unicorn-34776.exe
2796	Unicorn-37220.exe
2796	Unicorn-37220.exe
1884	Unicorn-42294.exe
1532	Unicorn-6742.exe
1532	Unicorn-6742.exe
1884	Unicorn-42294.exe
2500	Unicorn-22246.exe
2500	Unicorn-22246.exe
2400	Unicorn-59749.exe
2400	Unicorn-59749.exe
2636	Unicorn-61510.exe
2636	Unicorn-61510.exe
1128	Unicorn-48175.exe
1128	Unicorn-48175.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39675.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe
2520	Unicorn-64819.exe
2500	Unicorn-22246.exe
2400	Unicorn-59749.exe
2696	Unicorn-11620.exe
2796	Unicorn-37220.exe
2612	Unicorn-38355.exe
2808	Unicorn-49124.exe
2636	Unicorn-61510.exe
2576	Unicorn-59664.exe
2436	Unicorn-2103.exe
696	Unicorn-26919.exe
1456	Unicorn-34776.exe
1884	Unicorn-42294.exe
1204	Unicorn-27184.exe
1532	Unicorn-6742.exe
2988	Unicorn-56597.exe
2624	Unicorn-10660.exe
2984	Unicorn-10925.exe
1128	Unicorn-48175.exe
828	Unicorn-12549.exe
1168	Unicorn-40391.exe
852	Unicorn-58077.exe
1304	Unicorn-30613.exe
2584	Unicorn-34143.exe
2132	Unicorn-50479.exe
2224	Unicorn-14853.exe
908	Unicorn-9830.exe
688	Unicorn-36866.exe
280	Unicorn-9830.exe
3008	Unicorn-4001.exe
2212	Unicorn-40291.exe
1096	Unicorn-59197.exe
1892	Unicorn-25394.exe
1632	Unicorn-9249.exe
2512	Unicorn-54921.exe
1716	Unicorn-13504.exe
2352	Unicorn-40369.exe
2720	Unicorn-15673.exe
2804	Unicorn-15939.exe
2676	Unicorn-32083.exe
2716	Unicorn-39675.exe
2856	Unicorn-22955.exe
2960	Unicorn-47081.exe
2580	Unicorn-47265.exe
1964	Unicorn-58315.exe
2248	Unicorn-28169.exe
2880	Unicorn-58315.exe
2492	Unicorn-38750.exe
1984	Unicorn-19813.exe
1936	Unicorn-52486.exe
1068	Unicorn-17392.exe
1972	Unicorn-6846.exe
2892	Unicorn-65367.exe
2644	Unicorn-17392.exe
2884	Unicorn-11527.exe
2276	Unicorn-52560.exe
2116	Unicorn-3935.exe
436	Unicorn-27023.exe
2508	Unicorn-53608.exe
1156	Unicorn-59367.exe
2316	Unicorn-57167.exe
108	Unicorn-38601.exe
1428	Unicorn-39478.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2520	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	30
PID 2084 wrote to memory of 2520	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	30
PID 2084 wrote to memory of 2520	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	30
PID 2084 wrote to memory of 2520	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	30
PID 2520 wrote to memory of 2500	2520	Unicorn-64819.exe	31
PID 2520 wrote to memory of 2500	2520	Unicorn-64819.exe	31
PID 2520 wrote to memory of 2500	2520	Unicorn-64819.exe	31
PID 2520 wrote to memory of 2500	2520	Unicorn-64819.exe	31
PID 2084 wrote to memory of 2400	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	32
PID 2084 wrote to memory of 2400	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	32
PID 2084 wrote to memory of 2400	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	32
PID 2084 wrote to memory of 2400	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	32
PID 2500 wrote to memory of 2796	2500	Unicorn-22246.exe	34
PID 2500 wrote to memory of 2796	2500	Unicorn-22246.exe	34
PID 2500 wrote to memory of 2796	2500	Unicorn-22246.exe	34
PID 2500 wrote to memory of 2796	2500	Unicorn-22246.exe	34
PID 2400 wrote to memory of 2696	2400	Unicorn-59749.exe	36
PID 2400 wrote to memory of 2696	2400	Unicorn-59749.exe	36
PID 2400 wrote to memory of 2696	2400	Unicorn-59749.exe	36
PID 2400 wrote to memory of 2696	2400	Unicorn-59749.exe	36
PID 2520 wrote to memory of 2808	2520	Unicorn-64819.exe	35
PID 2520 wrote to memory of 2808	2520	Unicorn-64819.exe	35
PID 2520 wrote to memory of 2808	2520	Unicorn-64819.exe	35
PID 2520 wrote to memory of 2808	2520	Unicorn-64819.exe	35
PID 2084 wrote to memory of 2612	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	37
PID 2084 wrote to memory of 2612	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	37
PID 2084 wrote to memory of 2612	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	37
PID 2084 wrote to memory of 2612	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	37
PID 2696 wrote to memory of 2576	2696	Unicorn-11620.exe	38
PID 2696 wrote to memory of 2576	2696	Unicorn-11620.exe	38
PID 2696 wrote to memory of 2576	2696	Unicorn-11620.exe	38
PID 2696 wrote to memory of 2576	2696	Unicorn-11620.exe	38
PID 2612 wrote to memory of 2436	2612	Unicorn-38355.exe	40
PID 2612 wrote to memory of 2436	2612	Unicorn-38355.exe	40
PID 2612 wrote to memory of 2436	2612	Unicorn-38355.exe	40
PID 2612 wrote to memory of 2436	2612	Unicorn-38355.exe	40
PID 2520 wrote to memory of 2636	2520	Unicorn-64819.exe	39
PID 2520 wrote to memory of 2636	2520	Unicorn-64819.exe	39
PID 2520 wrote to memory of 2636	2520	Unicorn-64819.exe	39
PID 2520 wrote to memory of 2636	2520	Unicorn-64819.exe	39
PID 2400 wrote to memory of 1532	2400	Unicorn-59749.exe	41
PID 2400 wrote to memory of 1532	2400	Unicorn-59749.exe	41
PID 2400 wrote to memory of 1532	2400	Unicorn-59749.exe	41
PID 2400 wrote to memory of 1532	2400	Unicorn-59749.exe	41
PID 2084 wrote to memory of 696	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	43
PID 2084 wrote to memory of 696	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	43
PID 2084 wrote to memory of 696	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	43
PID 2084 wrote to memory of 696	2084	01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe	43
PID 2808 wrote to memory of 1456	2808	Unicorn-49124.exe	44
PID 2808 wrote to memory of 1456	2808	Unicorn-49124.exe	44
PID 2808 wrote to memory of 1456	2808	Unicorn-49124.exe	44
PID 2808 wrote to memory of 1456	2808	Unicorn-49124.exe	44
PID 2796 wrote to memory of 1204	2796	Unicorn-37220.exe	42
PID 2796 wrote to memory of 1204	2796	Unicorn-37220.exe	42
PID 2796 wrote to memory of 1204	2796	Unicorn-37220.exe	42
PID 2796 wrote to memory of 1204	2796	Unicorn-37220.exe	42
PID 2500 wrote to memory of 1884	2500	Unicorn-22246.exe	45
PID 2500 wrote to memory of 1884	2500	Unicorn-22246.exe	45
PID 2500 wrote to memory of 1884	2500	Unicorn-22246.exe	45
PID 2500 wrote to memory of 1884	2500	Unicorn-22246.exe	45
PID 2520 wrote to memory of 2624	2520	Unicorn-64819.exe	46
PID 2520 wrote to memory of 2624	2520	Unicorn-64819.exe	46
PID 2520 wrote to memory of 2624	2520	Unicorn-64819.exe	46
PID 2520 wrote to memory of 2624	2520	Unicorn-64819.exe	46

C:\Users\Admin\AppData\Local\Temp\01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe
"C:\Users\Admin\AppData\Local\Temp\01438866b740fe6946c052a9e4f71d6d4f2edb8e4bd1aa88134d55032bf71e61N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22246.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1661.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62832.exe
        7⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14870.exe
        7⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        7⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        6⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64228.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        7⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15900.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23496.exe
        6⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14853.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31888.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        7⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe
        7⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19477.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30368.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32918.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        6⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21131.exe
        6⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        6⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        6⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        6⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        6⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44384.exe
        6⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
        5⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        6⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42771.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
        6⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44728.exe
        5⤵
        
        PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15056.exe
        5⤵
        
        PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42714.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3782.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
        7⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        6⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
        6⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16072.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        6⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28169.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
        6⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51754.exe
        6⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13830.exe
        6⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40302.exe
        5⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
        5⤵
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        5⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
        5⤵
        
        PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11527.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        6⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65212.exe
        5⤵
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35640.exe
        5⤵
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27023.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3050.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        5⤵
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23180.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24977.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
      4⤵
      PID:5020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49124.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28780.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        7⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        7⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        7⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        6⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35640.exe
        6⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14966.exe
        6⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
        6⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63912.exe
        6⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43997.exe
        5⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23192.exe
        5⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39971.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        5⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23496.exe
        5⤵
        
        PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17392.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
        6⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54246.exe
        6⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4478.exe
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        5⤵
        
        PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        5⤵
        
        PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        5⤵
        
        PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
      4⤵
      PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
      4⤵
      PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
      4⤵
      PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27439.exe
        6⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24104.exe
        5⤵
        
        PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        5⤵
        
        PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
      4⤵
      PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
      4⤵
      PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1728.exe
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
      4⤵
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
      4⤵
      PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17623.exe
      4⤵
      PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
      4⤵
      PID:4924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
    3⤵
    PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37532.exe
    3⤵
    PID:3320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
    3⤵
    PID:4552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33422.exe
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
        8⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        7⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        6⤵
        
        PID:472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14770.exe
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
        6⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13504.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        6⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40696.exe
        6⤵
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57974.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        5⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3774.exe
        5⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        5⤵
        
        PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39478.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5817.exe
        6⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        6⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe
        5⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28996.exe
        6⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        6⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
        6⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
        6⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33447.exe
        6⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        5⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23496.exe
        5⤵
        
        PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        5⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
        5⤵
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
      4⤵
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
        5⤵
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        5⤵
        
        PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
        5⤵
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
        5⤵
        
        PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe
      4⤵
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2166.exe
        5⤵
        
        PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
      4⤵
      PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46041.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6742.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        5⤵
        Executes dropped EXE
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
        5⤵
        
        PID:236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
        5⤵
        
        PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61636.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        5⤵
        
        PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        5⤵
        
        PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4392.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7235.exe
      4⤵
      PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
      4⤵
      PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
      4⤵
      PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
      4⤵
      PID:4180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32083.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35965.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        5⤵
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39701.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe
        5⤵
        
        PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe
      4⤵
      PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
      4⤵
      PID:324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
      4⤵
      PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18110.exe
      4⤵
      PID:5004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15266.exe
      4⤵
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51976.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
    3⤵
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
      4⤵
      PID:4272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47300.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe
    3⤵
    PID:3604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
    3⤵
    PID:3388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
    3⤵
    PID:5044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        6⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        6⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        6⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
        5⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
        5⤵
        
        PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25754.exe
        5⤵
        
        PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        5⤵
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        5⤵
        
        PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14599.exe
        5⤵
        
        PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50836.exe
      4⤵
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45498.exe
        5⤵
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14290.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
        5⤵
        
        PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63836.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1728.exe
      4⤵
      PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
      4⤵
      PID:4316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12549.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
        5⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
        5⤵
        
        PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26571.exe
      4⤵
      PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
      4⤵
      PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27204.exe
      4⤵
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28643.exe
      4⤵
      PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25754.exe
      4⤵
      PID:4720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
      4⤵
      PID:4580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
    3⤵
    PID:3596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31993.exe
    3⤵
    PID:4600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
    3⤵
    PID:4728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17392.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21933.exe
        5⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        5⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55513.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        5⤵
        
        PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27256.exe
      4⤵
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        5⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        5⤵
        
        PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4392.exe
      4⤵
      PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7235.exe
      4⤵
      PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
      4⤵
      PID:3468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65367.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
      4⤵
      PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
      4⤵
      PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
      4⤵
      PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
      4⤵
      PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43997.exe
    3⤵
    PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe
    3⤵
    PID:4408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
      4⤵
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
      4⤵
      PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
      4⤵
      PID:4544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
    3⤵
    PID:2360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
    3⤵
    PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
    3⤵
    PID:4088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
    3⤵
    PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
    3⤵
    PID:5012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
    3⤵
    PID:5076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
    3⤵
    PID:4376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe
  2⤵
  PID:2372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
  2⤵
  PID:3088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe

Filesize
468KB

MD5
7dee6844310fe0602f32ec89f31b0f7d

SHA1
64ac4fcc6579a5bf957045474b49f00471ea2b3a

SHA256
3cdacc431d54bc60899f6920e4969c9df27a9971713939e6a00bc060e5d541ca

SHA512
e3fc892c1d298107a99d505a381d03d5ebc755dd47fad1c994efa6e8f9a7925bdb8bb3391cd5e84dbac03b19da474b63d716f5f6c6b572ad32b4362c1ddd58f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe

Filesize
468KB

MD5
ed16f27a81c2bd2f82e2780a5360c8c2

SHA1
1790dfdfb51bd326c4bcc0466ef79a4c82562b3c

SHA256
87ce6a8154b37d09d70089971702ef044208422fb33dd108636d395c40adeed9

SHA512
06d8b91f63cb1945159d46c0cd194abefc1b28de3edc97a36675da1501b4765b81de970081d1a42b4b68b6ff4f01af74ace8a5c01df2f3be8079236731a86343

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe

Filesize
468KB

MD5
dadabc7a9c1e4a83ada34e64479bdfbb

SHA1
2c4297fe652ca9229f86509032a559f679370a3f

SHA256
8dc9ffc4df6cf01c48893576a4418ee10cf95825ff388f4473cfdcdb2d6ef9f1

SHA512
7274bb062e9e9e0b7739595b41eff0d1381c90ffc0f12ea8c9b4b502f99effd32df2eb4813cbc3d5291eacfbda775dcea25c50aaf06a8e1778dc76713f81a6c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21933.exe

Filesize
468KB

MD5
cd0d80aeb21a4f14e157173326d93219

SHA1
ea75af7651d8dffc9925c1b60f301bc81529f2ba

SHA256
977923eb4e0362d43bc67076378bb1e7923f145d664e63729d38ea8e23d71c2f

SHA512
7f115cba1f1c6268105ee143577881d1021df908fce298e5d208312e5389ec2c9a1364db4a0c7fc7ce2aaa9ee02897e3b191d6a887ece6212b070a6e165e5aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe

Filesize
468KB

MD5
0e99a7b98ebc7d69b6ab14a7030adb94

SHA1
316f70909b8811f256b082e49a8b6121fa98246f

SHA256
f5852dc4d71a67cfafa8d900b2d17ce26ab5f4fa5c48c785a224d4cfa5b2bb27

SHA512
8add2e5e6b093c7019d8323e9c0aaec347c598d04937abdd27d9f00d658a2749ff18ba0729fc31c31bd971feb5847951e18361f74de2b12bcaddf8ef491a8bf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe

Filesize
468KB

MD5
a5e8ee041d244b9f607d20b8b5794f26

SHA1
11bb566497e90ac50dc1a33a22840c1c76b65ca9

SHA256
f557383c30e5d4276a6f56e3ea4a44d8feab7199706deed880681336165d4558

SHA512
5becec5444f332d1c869c516ec5652ba8abcc9d1d099777fb8398d381fb5dccbcd1875c97c67882809a0d35a8eb5c69642b7260cff657daa8b7c848b15dc1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe

Filesize
468KB

MD5
0b006a62504e6d4ffcf3a36f24a253aa

SHA1
89ce867c8109f0e3199751f8a1e941ed0ee92009

SHA256
0a50998c087b7bbfd5b2971db97ccb2654c9b174e7f18b2e7a1f1a8638ba2912

SHA512
c5afddf7036f303fadc8ffc8733b41c41db27ae6e736d4c979cf09a4daf773d9f39f563919ecbef5a4eebc333eb27075cc67f5cc4d8a7f8a3e1285e0928f829b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe

Filesize
468KB

MD5
9f1d9bfd31d0163c4a4253510017f45d

SHA1
422d9f4f0fbf61f6ba9b3d0f2031c404ddb357a7

SHA256
586f372b1b82900ffc306f51d1aa391c4b5fc43cbebf912b58dde574b364f4c4

SHA512
6c2a5195daf59fc2533c2dfdaef839ddb8a6650857825a1a99472ff7c80ebaae189b1ce9e79814d2f1f9c55c2f6dfcf1bb9f22877cf56713c6ca1dd0fac1b7b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6742.exe

Filesize
468KB

MD5
269314a676bcf8322178e94f4d0dfbba

SHA1
6733f91e221bf8ab2341af583b61ce6c057da544

SHA256
0309b5465e591e3901a05321d2867b4a8e00e26a842ea705db6be12fe7e6b765

SHA512
c59ccefbb9e892b34614f0ddf861e4fabcaa2fd355bb8b7ebf325fbb14227f710aa8eb557c931cb265752d72287fb4697476ac3a6eb0b118d8eefb11dab4d2d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe

Filesize
468KB

MD5
249ab5efe1c8bf117e90c95d1308250f

SHA1
7dc6df9c811f6142094869c47b77e5ab1d77e2f6

SHA256
b7d82a871e82d5c0e9dcbc97e199b0aa5b534863affdd6522300d3ab92d4644f

SHA512
f18e01ebf8ff4fe53eff663216d97349539dba5e2b0681397f30e7b1e1213aaaf09ac00e3941a74da4f75224f890f0d292e6061a3e882c13db5a456fa4dcba4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22246.exe

Filesize
468KB

MD5
3ffe0220b00ee3f884b7de49f0623ec3

SHA1
ef3f10fef5c55886fae1a70f1a435fd66196e6a2

SHA256
f39a3b317313cef2b04af8f9c45f469d73e91e7c6d02d1a0dab4fe7aed3d9112

SHA512
6357cd3bd02862c874045663f2a7a3c07b6d1cf88da10199c20e02347908f5f241a0356ef86588e13ec7b0a5d2e920f49243866b5165e336bb1154212570ebf1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe

Filesize
468KB

MD5
bb364a2ced240fb7a0fe3737b5a6c4b4

SHA1
93ee1fb8921066c927192eb7a1632039614409f2

SHA256
b81dcda6c67741467051f551b2d0be6108fda0831568bc61b1a45b26dcdc5aa9

SHA512
b1b1c29f350cbfd56ed9f43eb136f58b7fab763a1d809f31411af933a058a03dd408b1f53288576fee05ae2407238a0516928aa72a3fb143780930f892d61c80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe

Filesize
468KB

MD5
5b29ba22cbf5d564a1909ce4452a4ead

SHA1
6c12d9a74562da73359ae5e7443cca0495af6254

SHA256
9ec1700a7d252e80634159f6391605e8c3f1c24c7ae790ae37401bf94d7a4791

SHA512
7040fc7ca6d7cd19181c9ef32feb06c8378b6079467e950622c1a6004f2f8b221361fe73d00d631799251a65130e2b6aed948e2b44ca4eebd103782044dca292

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe

Filesize
468KB

MD5
282421b6733fa85620ca12c62ce77648

SHA1
06642967e79b1e37966b8c4e0d35d7ba3585bf62

SHA256
3d29afb04ee54c508da9855f6f09259f2fd9713799eac2bd00a0d81b96a5440d

SHA512
3e4859a1f5d6e93619d14cdce77c6588208efd2629349d05c1c5db7b2bf72cc38e458b2447aa32f4eb0b028273dbd0d32bd77bf159e40983e345240e0307b0e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe

Filesize
468KB

MD5
0540cd32b429b1f719b893911557b4e8

SHA1
be48d9431229c2b55c8ba3ddb830064ca3a21149

SHA256
39b758fcdefdb5249513450e5445b8e8dc63d284fb88b45063871f5dac5d5b45

SHA512
6eb5a683e5a4e1997b7f26000d4354953913a3cf9e6a3145fef1cb42885a65e868f2a7107dd989a70ddcddf48827f4a2d2a127d5369409fe4440d0afe82ccb0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49124.exe

Filesize
468KB

MD5
acb53b78f0c41ea88eee8bafda78fefa

SHA1
abadd2742e1c3d6e3180c0276dc872599b9694f4

SHA256
9ab54e93b64c2320bae5c8e12d59e70b3247a9fffc1cd70afc55f74f21429de9

SHA512
bb9d050348f0d04983b7efb5dbf7163c5c972ec1ded519bf5e466d59622e58186e641a468291e2f66a51b18ce2d5b24ffe2d75f657a64db74c103cd47bf834d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe

Filesize
468KB

MD5
626ef4761c7395d33f9754eac1738a69

SHA1
f8960378b5eb7c64d7451b37be9492f3fff890cd

SHA256
bf892b2a02e1830c8491e117d2efcf4a9ea61558f0c533b5476436bb59bfed6b

SHA512
906126e30caeb74c3a52b9413b485ece083ed975ea7bcf0524be54bdc137dd9510c79941b7dd90d9aec65cec118b3ebe9c54dc9fc9613fe3bb3b0d012e1d2590

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe

Filesize
468KB

MD5
271d07aba08e4147c874cd685abe3583

SHA1
a7114359129bd8ca52b4c1d4637be4072962407a

SHA256
54f9a08dc67ebcab285300d21c28af96ff52b9e8a86f26eafc73f28f9d580dc9

SHA512
6ed04c6553a9c675529546267aad930b264a75cd89e3402451bbad58defd459cc62c74e1c14d9f0fec86490b589b9c800ba21153865ead4dcddb9a821ad1cd03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe

Filesize
468KB

MD5
4ce6df3914d674750b6d0f471a5c5a74

SHA1
2d94f2a59e006dc5081bb20c1565c962c4ac7629

SHA256
086437195c0e8a3684193636b036a1c065ec5a71dea18dba1cf5fca94522be7e

SHA512
1864d1c23330ad5f4afed9a25082f14814d69c3ac6e2ba773cec4064bc13e39dd64dc6472ee1abb877804df9639cdf026bd02e1463b69ba0923b4663946d0a48

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe

Filesize
468KB

MD5
4a3ea3219f26bc6af6ce08807c09116c

SHA1
46933b4f8c04542bd2355b236f3a90913c28d6c0

SHA256
89a3b7ae60c5b28b33470fde58ee1a168c8cfcbe161ded10b26b658d6ca3e962

SHA512
08aa777788f358999a77c062e9145cb9745cc6eba206a401e982c0b515b6be1b424fbcf0f8be6bbbcb2770ab981511f738653d672ec6198da9b2ea1de3fbc043

Download Submit